WO2008105703A1 - Pos module - Google Patents

Info

Publication number
WO2008105703A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
key
transmission
cellular phone
card
Prior art date
Application number
PCT/SE2008/000046
Other languages
French (fr)
Inventor
Anders Björhn
Emil-Emir Pilavic
Adrian Hinz
Original Assignee
Bjoerhn Anders
Emil-Emir Pilavic
Adrian Hinz
Priority date
Filing date
Publication date
Application filed by Bjoerhn Anders, Emil-Emir Pilavic, Adrian Hinz

Classifications

    • G06Q20/18 Payment architectures involving self-service terminals [SST], vending machines, kiosks or multimedia terminals
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/3223 Realising banking transactions through M-devices
    • G06Q20/3274 Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • G07B15/00 Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H04W12/72 Subscriber identity

Definitions

  • the present invention pertains to a system comprising a first radio operated device, and at least one second radio operated device adapted to at least one of receiving and transmitting encrypted data between each other. It also relates to the second device.
  • GSM Global System for Mobile communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • GSM/3G third generation or any other in the market appropriate mobile or cellular system.
  • Such an encryption protocol should also be useful when transmitting through Bluetooth or RFID (Radio Frequency Identification) from a cellular phone/PDA to devices other than cellular phones/PDAs having Bluetooth or RFID receivers and/or transmitters.
  • RFID Radio Frequency Identification
  • An aim of the present invention is to provide a new and inventive encryption protocol/scheme comprised in a cellular phone, to transfer data, including speech when proper, in order to accomplish a safe transmission from and to cellular phones, or between cellular phones and other devices having receivers and/or transmitters to communicate through Bluetooth and/or RFID.
  • The encryption of the present invention can be utilized for radio communication between devices other than cellular phones, having such capabilities.
  • the present invention provides a device to be connected/embedded to/in a POS equipment for purchases.
  • the present invention provides that no modification to existing POS terminals is normally necessary, if the POS has interfaces adapted to receive communication through USB, Rs232, and Rs485 ports, or other similar known communication ports.
  • A device with cellular phone capabilities is provided with the encryption protocol/scheme in accordance with the present invention, as well as the device of the present invention. But the encryption of the present invention can be provided only to the cellular phone, when utilized for radio communication other than purchasing at a POS.
  • the present invention provides a plurality of application embodiments utilizing its encryption protocol/scheme for safer communication of information and data.
  • One inventive application presents a substitution to cards used for payment such as credit cards, shop cards, debit cards, smart cards, petrol cards, bank cards, custom relations management cards, and the like. Henceforth, all cards are comprised as bank cards for the simplicity of the description, but not limiting the present invention to one type of card.
  • One application of the present invention comprises that a cellular telephone number is a unique identifier of the person bearing the phone.
  • a cellular phone comprises a barcode generator generating barcodes in the phone display with the use of encryption keys provided to a database comprising the same barcode generator and encryption key in a data post bearing the phone number of the cellular phone mentioned.
  • The same barcode is generated in both the cellular phone and the database at any predetermined given time period for matching when purchasing at a POS (Point Of Sale) through the barcode presented in the cellular phone display, thus preventing forgery by, for example, taking footage of the barcode presented in the display together with the specific phone number for the phone, also stored in the database for matching.
  • the phone number is always present within the barcode, but the barcode is differently generated for every purchase by the utilization of a key as mentioned.
  • An alternative embodiment comprises that the device of the present invention comprises a bar code generator providing a cellular phone with new barcodes after a purchase has been accomplished through the barcode displayed in the phone display screen.
  • a cellular phone according to the present invention is equipped with an RFID tag/chip, providing active or passive communication.
  • current devices with cellular phone transmission capabilities are equipped with IR and/or Bluetooth communication to transmit and receive data.
  • the encryption protocol/scheme is downloaded to the cellular device according to the present invention and stored in one of the devices available memories.
  • a further application provided through the present invention is a money transfer between a cellular phone and an automatic teller machine (ATM), thus the ATM is provided a device according to the present invention in order to receive RFID, Bluetooth signals, and other possible radio signals so that a person can withdraw cash from the ATM.
  • ATM automatic teller machine
  • the present invention sets forth a system comprising a first radio operated device, and at least one second radio operated device adapted to at least one of receiving and transmitting encrypted data between each other by establishing a data connection.
  • the first and at least second device comprise: an encryption algorithm in a memory; a key exchange protocol to provide a final key which activates the encryption algorithm in the devices; a random multiple integer start value generator, continuously incrementing the integer in a loop for such a purpose; the continuously incremented integer being a random start value received by the key exchange protocol at the moment of a transmission being established by one of the devices, utilized by the key exchange as a first key; at least one second key is hard coded and provided the key exchange protocol to identify the type approved, for instance type of card, company or organization, of the first and second device reception through identification numbers; the key exchange protocol utilizing the first, and second key to create the final key to start the encryption algorithm; after agreement through hand shaking of the final key, provided by the key exchange protocol, by the first and second devices through a
  • an established transmission is released if the text CARRIER is a part of incoming data, or when a button for releasing transmission is pushed on the first or second devices.
  • Another embodiment comprises that the first device has cellular phone capacity and the at least one second device has cellular phone capacity.
  • a further embodiment provides that the first device has cellular phone capacity, and the second device is an entity connected/comprised to/in a POS terminal, whereby a purchase is accomplished through the phone and the entity, utilizing RFID or Bluetooth transmission.
  • a still further embodiment comprises that the cellular phone and the second device are provided RFID tags/chips between which a transmission of data is established.
  • Another embodiment comprises that the communication between the first and second device is established through Bluetooth. Yet another embodiment comprises that encryption/encoding software is bound/affiliated to a cellular phone's international mobile station equipment identity.
  • Still a further embodiment comprises that a changeable device user third key is input by the user to the key exchange protocol in order to swap between the at least one second hard coded key to change the identified type approved such as card type, company and organization defined by different identification numbers.
  • the present invention sets forth a radio operated device, the second device in the attached claims 1 to 8, adapted to at least one of receiving and transmitting encrypted data by establishing a data connection.
  • the invention thus comprises: a micro controller unit, controlling the device; a memory for storing software comprising; an encryption algorithm; a key exchange protocol to receive a final key which activates the encryption algorithm in the device; after agreement through hand shaking of the key, provided by the key exchange protocol, by an external device to the device through a radio communication, the encryption algorithm starts encrypting an established transmission of data from the external device; transmitted data is packet as a header of a predetermined number of bytes plus encrypted data of a predetermined number of bytes, the header being utilized to synchronize transmission of data if bytes in a communication between devices are lost or added; and to minimize delay time between devices participating in a transmission of data incoming data traffic is searched for the latest header, and earlier received data is discarded, whereby the encrypted data always comprises the latest complete incoming header plus data, which is stored in a buffer of
  • Another embodiment comprises a bar code generator, which generates a new bar code to be transmitted to the external device after a purchase at a point of sale, the bar code being displayed in a display screen at the external device to be scanned at a point of sale at a next purchase through a bar code scanner to permit or reject the purchase made.
  • a still further embodiment comprises that the device is connected to or comprises a bar code scanner.
  • Yet another embodiment comprises that the device is comprised in or attached/connected to an automatic teller machine, whereby it permits or rejects withdrawal of funds from the machine.
  • Fig. 1 schematically illustrates one embodiment of a cellular phone in accordance with the present invention
  • Fig. 2 schematically illustrates one embodiment of a bank card
  • Fig. 3 schematically illustrates an embodiment of a system for a point of sale in accordance with the present invention
  • FIG. 4 schematically illustrates a block diagram of a device connected to a POS depicted in Fig. 3 and Fig. 5 in accordance with the present invention
  • Fig. 5 schematically illustrates a block diagram depicting the device of Fig. 4 generating bar codes to be displayed in a cellular phone display screen
  • Fig. 6 schematically illustrates a system according to Fig. 3, wherein a cellular phone and a database comprise the same unit/program generating barcodes or 2D codes or like codes on the market
  • Fig. 7 schematically illustrates an embodiment of world wide withdrawal of money from ATM machines through the use of cellular phones in accordance with the present invention
  • FIG. 8 schematically illustrates an embodiment in accordance with Fig. 6
  • Fig. 9 schematically illustrates an embodiment where an ATM machine comprises a device according to Fig. 4 of the present invention.
  • Fig. 10 schematically illustrates an embodiment of how a money withdrawal is accomplished by transferring money to an ATM in a foreign country in accordance with an embodiment of the present invention.
  • the present invention provides a device to be connected/embedded in POS equipment for purchases.
  • A device with cellular phone capabilities is provided with the encryption protocol/scheme in accordance with the present invention, as well as the device/puck/pay module of the present invention. But the encryption of the present invention can be provided only to the cellular phone, when utilized for radio communication other than purchasing at a POS.
  • When the device/puck/pay module is comprised in a cellular phone, the phone is able to act as a POS terminal. It can also act as a money transfer between cellular phones.
  • a cellular telephone number is a unique identifier of the person bearing the phone.
  • POS Point Of Sale
  • the POS terminal utilizes for instance the commonly utilized PCI-DSS standard (Payment Card Industry Data Security Standard) for transactions such as payment.
  • PCI-DSS Payment Card Industry Data Security Standard
  • The device/puck/pay module does not interfere with the PCI-DSS standard when transactions are accomplished through the POS communication protocol, i.e., no changes or updating of the POS is necessary.
  • the pay module is described through Fig. 4 and its related text.
  • the device/puck/pay module of the present invention comprises a bar code generator providing a cellular phone with new barcodes after a purchase has been accomplished through the barcode displayed in the phone display screen.
  • the device/puck/pay module is provided radio transmitting and receiving equipment such as a cellular phone or the like, whereby it can act as a POS on its own. If the radio equipment is not embedded in the module it can be provided through a PCMCIA card (Personal Computer Memory Card
  • a further application provided through the present invention is a money transfer between a cellular phone and an automatic teller machine (ATM), thus the ATM is provided a device/puck/pay module according to the present invention in order to receive RFID, Bluetooth signals, and other possible radio signals so that a person can withdraw cash from the ATM.
  • When the expression cellular phone is used throughout the description of the present invention it should be regarded as a pocket sized handheld device having cellular phone capabilities, which also includes a PDA (Personal Digital Assistant), operating in any cellular network or the like such as GSM (Global System for Mobile communication) utilizing TDMA (Time Division Multiple Access), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), FDMA (Frequency Division Multiple Access) or any other in the market appropriate mobile or cellular system.
  • TDMA Time Division Multiple Access
  • The encryption thus incorporates the well known cryptography/encryption algorithms named Blowfish, TwoFish, RSA (Rivest-Shamir-Adleman), ghost and the like.
  • Blowfish is a keyed symmetric block cipher designed by Bruce Schneier. The Diffie-Hellman key agreement/key exchange protocol, RSA, ghost and the like allow two users to exchange a secret key over an insecure medium without any prior secrets.
  • Diffie-Hellman creates keys from predetermined keys in the devices of the present invention.
  • RSA and ghost can be utilized both as encryption algorithms and key encryption protocols.
  • POS comprises any point of sale, for instance such as found in shops, malls, and ticket machines at bus stations, subway stations, train stations, airports, parking lots and the like. It is also appreciated that a call and/or data in the context of the present invention includes speech and/or data transmission by establishing a data connection.
  • The present invention provides a system comprising a first radio operated device such as a cellular phone, and a second radio operated device, which could also be a cellular phone or a device as depicted in Fig. 4, adapted to at least one of receiving and transmitting encrypted data between each other.
  • Both the first and the second device comprise in one embodiment of the invention a 448 bit Blowfish encryption algorithm in an electronic memory of the devices as well as a Diffie-Hellman key agreement protocol, 512/1024 bits, to provide a final key which activates the Blowfish encryption in the devices.
  • This key is transmitted from the device starting a transmission to a receiving device, which agrees to the key through a hand-shaking procedure.
  • The key triggers the Blowfish algorithm to start encrypting data to be transmitted, and the Blowfish algorithm on the receiving side of the transmission is triggered to encode the received data, as both Blowfish algorithms utilize the same agreed key transmitted through the Diffie-Hellman protocol.
  • The key that is agreed upon through the hand-shaking is in one embodiment created as follows: the Diffie-Hellman protocol is given a random multiple 16 bit integer start value.
  • This integer start value is continuously incremented through a dedicated software loop for that purpose.
  • the continuously incremented integer is provided as a random start value, as a first 16 bit key, received by the Diffie-Hellman protocol at the moment of a transmission being established by one of the devices.
  • the Diffie-Hellman protocol is provided at least one second key fixed and hard coded in the devices, as well as the 512 bit hard coded prime number.
  • This second key identifies the card (Visa, MasterCard, American Express or the like cards) or a specific predetermined company, organization, person or the like by a number for instance a card number or organization number.
  • Another value input to the Diffie-Hellman is a device user key entered and changeable by the user through for instance a menu on a cellular phone display, hereby named the third key.
  • a changeable device user third key can be input by the user to the key exchange protocol in order to swap between the at least one second hard coded key to change the identified type approved such as card type, company, organization and person defined by different identification numbers.
  • The Diffie-Hellman protocol utilizes the first key, second hard coded prime number key, and third key to create a final common key to be utilized by the devices communicating to trigger the Blowfish encryption and/or encoding.
  • The Blowfish algorithm starts encrypting an established transmission of data between the first and at least one second device through a so called tunnel described below.
  • Transmitted data is packetized as a header of a predetermined number of bytes, for instance a 1 byte header, plus encrypted data of a predetermined number of bytes, for instance 24 bytes.
  • the header is utilized to synchronize transmission of data if bytes in a communication between devices are lost or added during transmission.
  • incoming data traffic to a device is searched for the latest header, and earlier received data is discarded, whereby the encrypted data always comprises the latest complete incoming header plus data, which is stored in a buffer of a predetermined size for instance of four packets of header plus data.
  • This makes up the so called tunnel for transmission as mentioned above.
  • An established transmission is released if the text CARRIER is a part of incoming data, or when a button for releasing transmission is pushed on the first or second devices; such a button could for instance be the hang up button on a cellular phone, or the hands free button.
  • Device A generates one new key and transmits it to device B.
  • the first device has cellular phone capacity and the at least one second device also has cellular phone capacity.
  • the first device has cellular phone capacity
  • The second device is an entity, see Fig. 4, connected/comprised to/in a POS terminal, whereby a purchase is accomplished through the phone and the entity, utilizing RFID or Bluetooth transmission.
  • the cellular phone and the second device are provided RFID tags/chips between which a transmission of data is established. Communication between the first and second device can also be established through Bluetooth.
  • Fig. 1 schematically illustrates one embodiment of a cellular phone 10 in accordance with the present invention.
  • the phone 10 has a unique subscriber telephone number attached to it, herein fictively +4670123456789, identifying the person and/or company having the subscription.
  • Depicted in Fig. 1 is a tag/phone display screen 12, which can be of any type such as a barcode or RFID tag (those are not shown), but they comprise the telephone number of the cellular phone 10 as shown at reference numeral 14.
  • the tag is intended to be scanned/read at a point of sale for connecting the telephone number to a purchase.
  • A point of sale (POS) terminal comprising a keypad could be utilized to enter the telephone number, +4670123456789, and the PIN code, or a tag or barcode, 2D code or the like could be stored in the cellular phone 10 memory and be re-called to be displayed on the phone 10 screen (not shown).
  • An alternative is to phone the POS with, +4670123456789, to store and connect the phone number to a purchase. This requires that the POS is equipped with a telephone call receiver for this purpose.
  • the PIN code in one embodiment is of the biometric type such as a fingerprint being transmitted to the phone 10 by radiation to a receiver at the POS, or by being displayed on the phone's screen and scanned at the POS.
  • a person's bank data is schematically illustrated as a set of cards 16 such as smart card, petrol card, debit card, credit card, bank card, shop card and other like cards.
  • the person's/company's bank data for authorization of payment transfer according to the data, for instance comprised on the cards 16, is stored in a database at a bank server under the database post +4670123456789 in one embodiment of the present invention such as:
  • Bank(-ing) authorization data; PIN code.
  • A major idea behind the present invention comprises that a cellular telephone 10 number, +4670123456789, is a unique identifier of the person/company bearing the phone 10.
  • an acquirer node application (acquire node)
  • the acquire node application acts as a communication device and holds software for accomplishing telephone A-number identification/retrieving it, checking phone numbers, equipment for receiving telephone calls, and other necessary tasks known to a person skilled in the art for acting as an acquirer.
  • Fig. 2 schematically illustrated, is one embodiment of a bank card 20 in accordance with the present invention and its identity/authorization data.
  • the ANSI Standard X4.13-1983 is utilized by many credit card systems. Here are what some of the numbers on the card stand for.
  • the first digit in a credit-card number signifies the system: 3 - travel/entertainment cards (such as American Express and Diners Club), 4 - Visa, 5 - MasterCard, 6 - Discover Card.
  • the structure of the card number, 4 4, as depicted in Fig. 2 on card 20 varies by system.
  • American Express card numbers start with 37; Carte Blanche and Diners Club with 38.
  • American Express - digits three and four are type and currency
  • digits five through 11 are the account number
  • digits 12 through 14 are the card number within the account
  • digit 15 is a check digit.
  • the Visa - digits two through six are the bank number, digits seven through 12 or seven through 15 are the account number and digit 13 or 16 is a check digit.
  • MasterCard - digits two and three, two through four, two through five or two through six are the bank number (depending on whether digit two is a 1, 2, 3 or other).
  • the digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit, here a 4.
  • the stripe on the back of a credit card is a magnetic stripe, often called a magstripe. There are three tracks on the magstripe. Each track is about one-tenth of an inch wide.
  • Track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters.
  • Track two is 75 bpi, and holds 40 4-bit plus parity bit characters.
  • Track three is 210 bpi, and holds 107 4-bit plus parity bit characters.
  • a credit card 20 typically uses only tracks one and two.
  • Track three is a read/write track (which includes an encrypted PIN, country code, currency units and amount authorized), but its usage is not standardized among banks.
  • LRC is a form of computed check character.
  • the format for track two developed by the banking industry, is as follows: Start sentinel - one character, primary account number - up to 19 characters, separator - one character, country code - three characters, expiration date or separator - four characters or one character, discretionary data - enough characters to fill out maximum record length (40 characters total), and LRC - one character.
  • For information on the track format, see ISO Magnetic Stripe Card Standards.
  • the EDC software at the point-of-sale (POS) terminal dials a stored telephone number, utilizing a modem, broadband connection, wireless or other network and equipment known to a person skilled in the art, to call an acquirer.
  • An acquirer is an organization that collects credit-authentication requests from merchants and provides the merchants with a payment guarantee.
  • When an acquirer company receives the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for: Merchant ID, valid card number, expiration date, credit-card limit, card usage.
  • the "smart" credit card (smart card) is an innovative application that involves all aspects of cryptography (secret codes), not just the authentication described.
  • a smart card 20 has a microprocessor 22 built into the card itself. Cryptography is essential to the functioning of these cards: A user must corroborate his identity to the card each time a transaction is made, in much the same way that a PIN is used with an ATM (Automated Teller Machine). The card and the card reader execute a sequence of encrypted sign/countersign-like exchanges to verify that each is dealing with a legitimate counterpart.
  • the transaction itself is carried out in encrypted form to prevent anyone, including the cardholder or the merchant whose card reader is involved, from "eavesdropping" on the exchange and later impersonating either party to defraud the system.
  • This elaborate protocol is conducted in such a way that it is invisible to the user, except for the necessity of entering a PIN to begin the transaction.
  • the chips in these cards are capable of many kinds of transactions. For example, they can make purchases from a card holder's credit account, debit account or from a stored account value that is reloadable.
  • the enhanced memory and processing capacity of the smart card is many times that of traditional magnetic-stripe cards and can accommodate several different applications on a single card. It can also hold identification information, keep track of participation in an affinity (loyalty) program or provide access to premises.
  • the information described above held by a bank card 20, or smart card 20, 22 is similar to what is expected to be stored under the database post or telephone number, +4670123456789, as bank data/authorization data together with a PIN code, or regarding a smart card 20, 22, this information/data is stored also in a memory, for instance SIM card or internal phone memory, of the cellular phone 10 to be transmitted from a POS to the database holding the post, +4670123456789, for comparison of correctness in accordance with the present invention.
  • encryption/encoding software is bound/affiliated to a cellular phone's international mobile station equipment identity (IMEI), which is a wireless telecommunication term utilized to identify every specific cellular phone or mobile station.
  • IMEI international mobile station equipment identity
  • the present invention introduces a further security or authorization feature by calling the database, through its telephone number here fictively 9876543210, holding the database post with telephone numbers by the phone 10, with telephone number, +4670123456789, similar to making a card purchase at the POS. It is thus checked that the scanned or otherwise transmitted telephone number at the POS is +4670123456789, the same that has called the database, and if so a purchase is granted and the acquirer node sends a signal to the POS that the purchase is granted.
  • Fig. 3 depicting one embodiment out of several possible following the teaching of the present invention.
  • Fig. 3 schematically illustrates an embodiment of a system for a POS 30 in accordance with the present invention, herein including a clearing house which is common.
  • the POS 30 system is equipped with a device/puck/pay module 32 in accordance with the present invention comprising a scanner 73 and a terminal 34 for entering PIN codes and other characters through a keypad 35. It can also be equipped and connected to a swipe card slot 31 in one embodiment of the present invention.
  • a customer purchasing at the POS holds his cellular phone 10, with tag 12, to be scanned by the scanner 73 comprised in the device 32, depicted in Fig.
  • the purchaser calls 36, schematically indicated by a GSM base station 38, with the phone 10 bearing the number, +4670123456789, a database server 46, utilizing a predetermined telephone number, here fictively 9876543210, at an acquirer node application 44, where the database server 46 stores the database posts holding telephone numbers that are connected and authorized to make purchases, as for instance +4670123456789 pointing at bank data allowing a purchase of merchandise, goods, services and the like.
  • the call is registered with the telephone number, +4670123456789, in the database 46.
  • the call can be stored for a limited time, for example, two to five minutes, so that another purchase in a different store is possible.
  • the POS 30 connects to the acquirer node application through one of the networks 40, 42.
  • the connection to the acquirer node 44 could be established by the POS 30 attendant swiping a special card for the store or POS 30 in question opening up the communication for a purchase as it is actually currently accomplished when purchasing by using a bank card, thus emulating a connection as if the purchase was accomplished through a card. If the phone 10 has stored bank data emulating a smart card, the data has been transmitted for instance when calling the acquirer having telephone number 9876543210.
  • At the acquirer node 44 it is checked through dedicated software for that purpose that the phone number +4670123456789 from the POS is the same as the one stored when the phone 10 was brought to call 9876543210 to register the phone number +4670123456789 for a purchase, and if so the database is checked that phone 10 holding number +4670123456789 is a registered telephone number allowed to be used for purchases.
  • the PIN code is checked together with bank authorization data. If the purchase is granted by the acquirer a grant message/signal is sent to the POS 30 and the purchase is closed as being correct and granted. This purchase is accomplished more or less as a current purchase with a bank card 20, 22, and very little upgrading of equipment has to be deployed at the POS 30 in order to make a purchase.
  • If the POS 30 utilizes the feature of receiving a call from the phone 10 to connect the purchase with a phone number, +4670123456789, as described above, equipment such as receivers for that purpose is to be installed. It is appreciated that it is known to a person skilled in the art how to detect the phone number, +4670123456789, by A-number identification and Caller ID. It is also recognized that the telephone numbers used in the present description are fictive, and that an almost unlimited number of phones can be registered in databases 46 as database posts for utilizing the findings of the present invention.
  • the acquirer 44 connects through a network 40 to a clearing house 48, which settles the accounts by debiting the purchaser account at his/her bank and crediting the merchant at his/her bank through their bank server 50.
  • Fig. 4 schematically illustrates a block diagram of a device/puck/pay module 32 connected to a POS depicted in Fig. 3 and Fig. 5 in accordance with the present invention.
  • the device 32 comprises a micro controller unit 60, which controls the device 42 tasks.
  • a flash memory 62 is used to store the source code needed to operate the device 32.
  • the device 32 comprises at least one of an Rs232, Rs485 interface and a universal bus interface (USB) for connection to external devices such as a POS 30, having ports for such connection. It communicates through at least one of a Bluetooth receiver and/or transmitter 68 and a RFID receiver and/or transmitter 70.
  • An RFID 70 can be of a passive or active type.
  • the device 32 also comprises a switch 74, for example, a dip switch, which provides easy access to different software for external communication with for instance POS terminals stored in the flash memory 62.
  • Any purchase through a POS 30 in accordance with the present invention utilizes the same protocols as currently used for backbone communication, i.e., communication utilized beyond the device 32 of the present invention to verify so called card data by for instance utilization of the PCI-DSS standard.
  • no modification to existing POS is normally necessary if the POS has interfaces adapted to receive communication through USB, Rs232, and Rs485 ports, or other similar known communication ports.
  • the RFID chip in the cellular phone 10, 11 can be of the strip type, as a chip attached in the cellular phone or as a chip integrated in the cellular phone SIM card (Subscriber Identity Module).
  • the device 32 comprises a bar code and/or 2D code generator generating a new code every time a purchase at a POS 30 is accomplished, which is transmitted to the cellular phone 10, 11 to be displayed and scanned by a code scanner connected to or comprised in the device 32 at the next purchase as depicted in Fig. 6.
  • a purchase made through a cellular phone 10, 11 can be confirmed by entering a PIN code at the POS 30 through a key pad 34 as is made currently when purchasing or registering with cards 16.
  • the device 32 is equipped with cellular radio capabilities such as GSM, GSM/3G or the like.
  • cellular radio communication can be provided through the PCMCIA card 76, or alternatively with a USB device providing radio communication (not shown).
  • Cellular communication can also be provided by integrating it to the device 32 (not shown).
  • Fig. 5 and 6 schematically illustrating a system according to Fig. 3, wherein a cellular phone 10 and a database 46 comprises the same unit/program 52 generating barcodes 13 or 2D codes or like codes known to a person skilled in the art.
  • a main embodiment of the present invention thus provides that a cellular phone 10 comprises a barcode generator generating barcodes 13 in the phone display 12 with the use of encryption keys provided to a database 46 and the phone memory unit 52, comprising the same barcode generator and encryption key in a data post bearing the phone number, +4670123456789 or referring to it, of the cellular phone 10 mentioned.
  • the same barcode 13 is generated in both the cellular phone 10 and the database 46 (indicated by a broken line connector in Fig.
  • the phone number, +4670123456789, is always present within the barcode 13, but the barcode 13 is differently generated for every purchase at a POS 30 or the like by the utilization of a key, for instance 1280 as depicted in Fig. 6, as mentioned, or other known encryption technique known to a person skilled in the art.
  • the key could be generated by the encryption program in the database when registering the cellular phone 10 number, +4670123456789, in accordance with the present invention and sent to the phone 10 memory unit 52, which produces the same barcode 13 as the database for a matching as described above through the key.
  • the key can be entered in the database at any given time, i.e., allowing changes of the key, as well as it is registered in the phone memory unit 52 in order to let the memory unit 52 and database 46 produce the same barcode 13.
  • the cellular phone 10 memory unit 52 can reside in the phone SIM card or in an internal phone 10 memory.
  • the barcode 13 can be simultaneously generated in the phone bar code generator software and the database 46, thus matching each other to enable a purchase.
  • This generating of a barcode could be synchronized to occur at every purchase or at a predetermined time, determined by for instance a timer, not shown, to further inhibit forgery of the barcode 13, as the time for generation of a barcode can be arbitrarily accomplished.
  • the barcode generator and/or key can be transmitted to the phone memory unit 52 when registering the phone number, +04670123456789, for purchase at a POS as described above.
  • Another alternative for withdrawing cash from an ATM: call the server with your cellular phone 10, 11 and place a sum (prepay) to be retrieved from an ATM 80, for instance $ 1000. This amount can be withdrawn at one ATM visit, or as smaller sums at several ATM visits.
  • a further alternative to withdraw cash from an ATM 80 at a remote place, for instance a foreign city, involves transfer of cash from one cellular phone 10 to another cellular phone 11, see Fig. 10.
  • Provide your child the PIN code through, for example, a cellular phone call.
  • the child visits an ATM 80, and enters your cellular phone number and the one time PIN code and retrieves the cash $ 1000. If you trust the person they could be provided your regular PIN code.

Abstract

The invention regards a system comprising a first radio operated device (10, 11), and at least one second radio operated device (10, 11, 32) adapted to at least one of receiving and transmitting encrypted data between each other. An encryption algorithm in a memory (72), and a key exchange key agreement protocol to provide a final key which activates the encryption algorithm in the devices (10, 11, 32), is utilized. Moreover, the invention provides a radio operated device (32), adapted to at least one of receiving and transmitting encrypted data, to accomplish a purchase at a POS (30).

Description

Title
POS module
Technical field
The present invention pertains to a system comprising a first radio operated device, and at least one second radio operated device adapted to at least one of receiving and transmitting encrypted data between each other. It also relates to the second device.
Background art
There is a need for a substitute for a credit card and the like. Currently it is common that a person carries multiple such cards in, for instance, a wallet. Ten to twenty cards are not unusual. Moreover, a huge number of people in all societies are owners of cellular phones, which they most likely carry everywhere they go and travel. Hence, it would be favorable to carry only a single device, which is well guarded by most persons, necessary in everyday business, and thus seldom forgotten when leaving home.
Furthermore, there is a need for a safe encryption protocol to transfer data between radio devices having cellular phone capabilities, which also includes a PDA (Personal Digital Assistant) operating in any cellular network or the like such as GSM (Global System for Mobile communication) utilizing TDMA (Time Division Multiple Access), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), FDMA (Frequency Division Multiple Access), GSM/3G (third generation) or any other in the market appropriate mobile or cellular system.
Such an encryption protocol should also be useful when transmitting through Bluetooth, RFID (Radio Frequency Identification) from a cellular phone/PDA to devices other than cellular phones/PDA having Bluetooth, RFID receivers and/or transmitters.
Summary of the invention
An aim of the present invention is to provide a new and inventive encryption protocol/scheme comprised in a cellular phone, to transfer data, including speech when proper, in order to accomplish a safe transmission from and to cellular phones, or between cellular phones and other devices having receivers and/or transmitters to communicate through Bluetooth and/or RFID. Also, the present invention encryption can be utilized for radio communication between other devices than cellular phones, having such capabilities.
Furthermore, the present invention provides a device to be connected/embedded to/in a POS equipment for purchases.
Specifically, the present invention provides that no modification to existing POS terminals is normally necessary, if the POS has interfaces adapted to receive communication through USB, Rs232, and Rs485 ports, or other similar known communication ports.
A device with cellular phone capabilities is provided the encryption protocol/scheme in accordance with the present invention, as well as the device of the present invention. But, the encryption of the present invention can be provided only to the cellular phone, when utilized for other radio communication than purchasing at a POS.
The present invention provides a plurality of application embodiments utilizing its encryption protocol/scheme for safer communication of information and data. One inventive application presents a substitution to cards used for payment such as credit cards, shop cards, debit cards, smart cards, petrol cards, bank cards, custom relations management cards, and the like. Henceforth, all cards are comprised as bank cards for the simplicity of the description, but not limiting the present invention to one type of card.
One application of the present invention comprises that a cellular telephone number is a unique identifier of the person bearing the phone.
Another application of the present invention provides that a cellular phone comprises a barcode generator generating barcodes in the phone display with the use of encryption keys provided to a database comprising the same barcode generator and encryption key in a data post bearing the phone number of the cellular phone mentioned. Hence, the same barcode is generated in both the cellular phone and the database at any predetermined given time period for matching when purchasing at a POS (Point Of Sale) through the barcode presented in the cellular phone display, thus preventing forgery by for example taking a footage of the barcode presented in the display together with the specific phone number for the phone, also stored in the database for matching. In one embodiment the phone number is always present within the barcode, but the barcode is differently generated for every purchase by the utilization of a key as mentioned.
An alternative embodiment comprises that the device of the present invention comprises a bar code generator providing a cellular phone with new barcodes after a purchase has been accomplished through the barcode displayed in the phone display screen.
Moreover, a cellular phone according to the present invention is equipped with an RFID tag/chip, providing active or passive communication. As is known to a person skilled in the present art, current devices with cellular phone transmission capabilities are equipped with IR and/or Bluetooth communication to transmit and receive data. Hence, it is appreciated that the encryption protocol/scheme is downloaded to the cellular device according to the present invention and stored in one of the device's available memories.
A further application provided through the present invention is a money transfer between a cellular phone and an automatic teller machine (ATM), thus the ATM is provided a device according to the present invention in order to receive RFID, Bluetooth signals, and other possible radio signals so that a person can withdraw cash from the ATM.
To accomplish what is mentioned and other advantages, the present invention sets forth a system comprising a first radio operated device, and at least one second radio operated device adapted to at least one of receiving and transmitting encrypted data between each other by establishing a data connection. The first and at least second device comprise: an encryption algorithm in a memory; a key exchange protocol to provide a final key which activates the encryption algorithm in the devices; a random multiple integer start value generator, continuously incrementing the integer in a loop for such a purpose; the continuously incremented integer being a random start value received by the key exchange protocol at the moment of a transmission being established by one of the devices, utilized by the key exchange as a first key; at least one second key is hard coded and provided the key exchange protocol to identify the type approved, for instance type of card, company or organization, of the first and second device reception through identification numbers; the key exchange protocol utilizing the first, and second key to create the final key to start the encryption algorithm; after agreement through hand shaking of the final key, provided by the key exchange protocol, by the first and second devices through a radio communication, the encryption algorithm starts encrypting an established transmission of data between the first and at least one second device; transmitted data is packed as a header of a predetermined number of bytes plus encrypted data of a predetermined number of bytes, the header being utilized to synchronize transmission of data if bytes in a communication between devices are lost or added; and to minimize delay time between devices participating in a transmission of data, incoming data traffic is searched for the latest header, and earlier received data is discarded, whereby the encrypted data always comprises the latest complete incoming header plus data, which is stored in a buffer of a predetermined size.
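The header-based resynchronisation described above, sketched from the receiver's side as an added example (not code from the patent). The 4-byte header value, the 16-byte payload length, the buffer size and all names are assumptions, since the text only says "a predetermined number of bytes"; the payloads are constructed stand-ins for ciphertext.

```python
"""Receiver-side resync for fixed-size header + encrypted-data frames."""

# Assumed values: the text only says "a predetermined number of bytes".
HEADER = b"\xa5\x5a\xc3\x3c"        # hypothetical 4-byte sync header
PAYLOAD_LEN = 16                     # hypothetical encrypted-data length
FRAME_LEN = len(HEADER) + PAYLOAD_LEN
BUFFER_SIZE = 4 * FRAME_LEN          # "buffer of a predetermined size"


def make_frame(ciphertext: bytes) -> bytes:
    """Sender side: prepend the fixed header to one block of ciphertext."""
    if len(ciphertext) != PAYLOAD_LEN:
        raise ValueError("payload must be exactly PAYLOAD_LEN bytes")
    return HEADER + ciphertext


class FrameReceiver:
    """Keeps only the latest complete header + payload, as the text describes."""

    def __init__(self) -> None:
        self._buf = bytearray()
        self.discarded = 0           # bytes thrown away (stale frames, noise)

    def feed(self, chunk: bytes):
        """Add received bytes; return the newest complete payload or None."""
        self._buf += chunk
        # Bound the buffer: the oldest bytes go first, because only the
        # newest frame is of interest.
        overflow = len(self._buf) - BUFFER_SIZE
        if overflow > 0:
            del self._buf[:overflow]
            self.discarded += overflow
        # A frame is complete only if its header starts at or before this index.
        last_start = len(self._buf) - FRAME_LEN
        if last_start < 0:
            return None
        # Search backwards so that the latest header wins.
        pos = self._buf.rfind(HEADER, 0, last_start + len(HEADER))
        if pos < 0:
            return None
        payload = bytes(self._buf[pos + len(HEADER):pos + FRAME_LEN])
        # Everything before the chosen frame is stale or damaged: discard it.
        self.discarded += pos
        del self._buf[:pos + FRAME_LEN]
        return payload
        # Caveat: a bare marker cannot be told apart from the same bytes
        # occurring by chance inside ciphertext; this sketch does not detect
        # that case, and the text describes no integrity check on the frame.


def demo():
    """Constructed stream: good frame, 3 added bytes, frame with a lost byte, good frame."""
    p1, p2, p3 = (bytes([v]) * PAYLOAD_LEN for v in (0x11, 0x22, 0x33))
    f2 = make_frame(p2)
    damaged = f2[:2] + f2[3:]        # one header byte lost in transit
    stream = make_frame(p1) + b"\x00\x01\x02" + damaged + make_frame(p3)
    rx = FrameReceiver()
    return rx.feed(stream), rx.discarded


if __name__ == "__main__":
    payload, dropped = demo()
    print(payload.hex(), dropped)
```
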
In one embodiment of the present invention an established transmission is released if the text CARRIER is a part of incoming data, or when a button for releasing transmission is pushed on the first or second devices.
Another embodiment comprises that the first device has cellular phone capacity and the at least one second device has cellular phone capacity.
A further embodiment provides that the first device has cellular phone capacity, and the second device is an entity connected/comprised to/in a POS terminal, whereby a purchase is accomplished through the phone and the entity, utilizing RFID or Bluetooth transmission. A still further embodiment comprises that the cellular phone and the second device are provided RFID tags/chips between which a transmission of data is established.
Another embodiment comprises that the communication between the first and second device is established through Bluetooth. Yet another embodiment comprises that encryption/encoding software is bound/affiliated to a cellular phone's international mobile station equipment identity.
Still a further embodiment comprises that a changeable device user third key is input by the user to the key exchange protocol in order to swap between the at least one second hard coded key to change the identified type approved such as card type, company and organization defined by different identification numbers.
Furthermore, the present invention sets forth a radio operated device, the second device in the attached claims 1 to 8, adapted to at least one of receiving and transmitting encrypted data by establishing a data connection. The invention thus comprises: a micro controller unit, controlling the device; a memory for storing software comprising; an encryption algorithm; a key exchange protocol to receive a final key which activates the encryption algorithm in the device; after agreement through hand shaking of the key, provided by the key exchange protocol, by an external device to the device through a radio communication, the encryption algorithm starts encrypting an established transmission of data from the external device; transmitted data is packed as a header of a predetermined number of bytes plus encrypted data of a predetermined number of bytes, the header being utilized to synchronize transmission of data if bytes in a communication between devices are lost or added; and to minimize delay time between devices participating in a transmission of data, incoming data traffic is searched for the latest header, and earlier received data is discarded, whereby the encrypted data always comprises the latest complete incoming header plus data, which is stored in a buffer of a predetermined size; the second device further comprising: an interface adapted to connect a point of sale to the second device to establish communication with financial institutes through common protocols utilized when swiping at least one of a magstripe card and utilizing a smart card chip in a slot for that purpose; at least one of a RFID receiver and a Bluetooth receiver adapted to receive encrypted data communication from an external device; and the software, the receiver, and the interface being controlled by the micro controller unit. One embodiment of the present invention device provides that a switch is attached, and utilized to provide the proper source code to the device.
Another embodiment comprises a bar code generator, which generates a new bar code to be transmitted to the external device after a purchase at a post of sales, the bar code being displayed in a display screen at the external device to be scanned at a post of sale at a next purchase through a bar code scanner to permit or object the purchase made.
A still further embodiment comprises that the device is connected to or comprises a bar code scanner.
Yet another embodiment comprises that the device is comprised in or attached/connected to an automatic teller machine, whereby it permits or objects withdrawal of funds from the machine.
Brief description of the drawings
Henceforth reference is had to the attached figures in the accompanying text of the description for a better understanding of the present invention with its embodiments and given examples, wherein:
Fig. 1 schematically illustrates one embodiment of a cellular phone in accordance with the present invention;
Fig. 2 schematically illustrates one embodiment of a bank card;
Fig. 3 schematically illustrates an embodiment of a system for a point of sale in accordance with the present invention;
Fig. 4 schematically illustrates a block diagram of a device connected to a POS depicted in Fig. 3 and Fig. 5 in accordance with the present invention;
Fig. 5 schematically illustrates a block diagram depicting the device of Fig. 4 generating bar codes to be displayed in a cellular phone display screen;
Fig. 6 schematically illustrates a system according to Fig. 3, wherein a cellular phone and a database comprise the same unit/program generating barcodes or 2D codes or like codes on the market;
Fig. 7 schematically illustrates an embodiment of world wide withdraw of money from ATM machines through the use of cellular phones in accordance with the present invention;
Fig. 8 schematically illustrates an embodiment in accordance with Fig. 6;
Fig. 9 schematically illustrates an embodiment where an ATM machine comprises a device according to Fig. 4 of the present invention; and
Fig. 10 schematically illustrates an embodiment of how a money withdrawal is accomplished by transferring money to an ATM in a foreign country in accordance with an embodiment of the present invention.
Detailed description of preferred embodiments
An aim of the present invention is to provide a new and inventive encryption protocol/scheme comprised in a cellular phone, to transfer data, including speech when proper, in order to accomplish a safe transmission from and to cellular phones, or between cellular phones and other devices having receivers and/or transmitters to communicate through Bluetooth and/or RFID. Also, the present invention encryption can be utilized for radio communication between other devices than cellular phones, having such capabilities.
Furthermore, the present invention provides a device to be connected/embedded in POS equipment for purchases.
A device with cellular phone capabilities is provided the encryption protocol/scheme in accordance with the present invention, as well as the device/puck/pay module of the present invention. But, the encryption of the present invention can be provided only to the cellular phone, when utilized for other radio communication than purchasing at a POS.
In fact, when the device/puck/pay module is comprised in a cellular phone, the phone is able to act as a POS terminal. It can also act as a money transfer between cellular phones.
The present invention provides a plurality of application embodiments utilizing its encryption protocol/scheme for safer communication of information and data. One inventive application presents a substitution to cards used for payment such as credit cards, shop cards, debit cards, smart cards, petrol cards, bank cards, custom relations management cards, and the like. Henceforth, all cards are comprised as bank cards for the simplicity of the description, but not limiting the present invention to one type of card.
One application of the present invention comprises that a cellular telephone number is a unique identifier of the person bearing the phone. Another application of the present invention provides that a cellular phone comprises a barcode generator generating barcodes in the phone display with the use of encryption keys provided to a database comprising the same barcode generator and encryption key in a data post bearing the phone number of the cellular phone mentioned. Hence, the same barcode is generated in both the cellular phone and the database at any predetermined given time period for matching when purchasing at a POS (Point Of Sale) through the barcode presented in the cellular phone display, thus preventing forgery by for example taking a footage of the barcode presented in the display together with the specific phone number for the phone, also stored in the database for matching. In one embodiment the phone number is always present within the barcode, but the barcode is differently generated for every purchase by the utilization of a key as mentioned. The POS terminal utilizes for instance the commonly utilized PCI-DSS standard (Payment Card Industry Data Security Standard) for transactions such as payment. Hence, the device/puck/pay module does not interfere with the PCI-DSS standard when transactions are accomplished through the POS communication protocol, i.e., no changes or updating of the POS is necessary. The pay module is described through Fig. 4 and its related text.
An alternative embodiment comprises that the device/puck/pay module of the present invention comprises a bar code generator providing a cellular phone with new barcodes after a purchase has been accomplished through the barcode displayed in the phone display screen. Another embodiment comprises that the device/puck/pay module is provided radio transmitting and receiving equipment such as a cellular phone or the like, whereby it can act as a POS on its own. If the radio equipment is not embedded in the module it can be provided through a PCMCIA card (Personal Computer Memory Card Association) through a slot added to the module for this purpose, or through a USB device equipped with radio communication capabilities.
Moreover, a cellular phone according to the present invention is equipped with an RFID tag/chip, providing active or passive communication. As is known to a person skilled in the present art, current devices with cellular phone transmission capabilities are equipped with IR and/or Bluetooth communication to transmit and receive data. Hence, it is appreciated that the encryption protocol/scheme is downloaded to the cellular device according to the present invention and stored in one of the device's available memories.
A further application provided through the present invention is a money transfer between a cellular phone and an automatic teller machine (ATM), thus the ATM is provided a device/puck/pay module according to the present invention in order to receive RFID, Bluetooth signals, and other possible radio signals so that a person can withdraw cash from the ATM.
When the expression cellular phone is used throughout the description of the present invention it should be regarded as a pocket sized handheld device having cellular phone capabilities which also includes a PDA (Personal Digital Assistant) operating in any cellular network or the like such as GSM (Global System for Mobile communication) utilizing TDMA (Time Division Multiple Access), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), FDMA (Frequency Division Multiple Access) or any other in the market appropriate mobile or cellular system.
Throughout the present description of the provided invention, the presented embodiments and given examples should be understood to incorporate the hereinafter described inventive encryption protocol/scheme. The encryption thus incorporates the well known cryptography/encryption algorithms named Blowfish, TwoFish, RSA (Rivest-Shamir-Adleman), Ghost and the like. Blowfish is a keyed symmetric block cipher designed by Bruce Schneier, and the Diffie-Hellman key agreement/key exchange protocol, RSA, Ghost and the like, which allow two users to exchange a secret key over an insecure medium without any prior secrets. Diffie-Hellman creates keys from predetermined keys in the devices of the present invention. RSA and Ghost can be utilized both as encryption algorithms and key encryption protocols. All the mentioned encryption algorithms and key encryption protocols are well known to a person skilled in the art. It is appreciated, although utilizing known algorithms and protocols, they are modified in accordance with inventive features to its utilization, and that Blowfish and Diffie-Hellman are utilized to exemplify the embodiments of the present invention, without necessarily limiting the invention to those.
When the expression POS is mentioned it comprises any point of sale for instance such as found in shops, malls, and ticket machines at bus stations, subway stations, train stations, airports, parking lots and the like. It is also appreciated that a call and/or data in the context of the present invention includes speech and/or data transmission by establishing a data connection.
Hence, the present invention provides a system comprising a first radio operated device such as a cellular phone, and a second radio operated device, could also be a cellular phone, or a device as depicted in Fig. 4, adapted to at least one of receiving and transmitting encrypted data between each other. Both the first and the second device comprise in one embodiment of the invention a 448 bit Blowfish encryption algorithm in an electronic memory of the devices as well as a Diffie-Hellman key agreement protocol, 512/1024 bits, to provide a final key which activates the Blowfish encryption in the devices. This key is transmitted from the device starting a transmission to a receiving device, which agrees to the key through a hand-shaking procedure. When the hand-shaking is successful, the key triggers the Blowfish algorithm to start encrypting data to be transmitted, and the Blowfish algorithm on the receiving side of the transmission is triggered to encode the received data as the both Blowfish algorithms are utilizing the same agreed key transmitted through the Diffie-Hellman protocol.
The key that is agreed upon through the hand-shaking is in one embodiment created as follows: the Diffie-Hellman protocol is given a random multiple 16 bit integer start value. This integer start value is continuously incremented through a dedicated software loop for that purpose. Hence, the continuously incremented integer is provided as a random start value, as a first 16 bit key, received by the Diffie-Hellman protocol at the moment of a transmission being established by one of the devices.
Still further the Diffie-Hellman protocol is provided at least one second key fixed and hard coded in the devices, as well as the 512 bit hard coded prime number. This second key identifies the card (Visa, MasterCard, American Express or the like cards) or a specific predetermined company, organization, person or the like by a number for instance a card number or organization number. Another value input to the Diffie-Hellman is a device user key entered and changeable by the user through for instance a menu on a cellular phone display, hereby named the third key. A changeable device user third key can be input by the user to the key exchange protocol in order to swap between the at least one second hard coded key to change the identified type approved such as card type, company, organization and person defined by different identification numbers.
The Diffie-Hellman protocol utilizes the first key, second hard coded prime number key, and third key to create a final common key to be utilized by the devices communicating to trigger the Blowfish encryption and/or encoding. Hence, after agreement through hand shaking of the final key, provided by the Diffie-Hellman protocol, by the first and/or second devices through a radio communication, the Blowfish algorithm starts encrypting an established transmission of data between the first and at least one second device through a so called tunnel described below. Transmitted data is packetized as a header of a predetermined number of bytes such as for instance a 1 byte header plus encrypted data of a predetermined number of bytes such as for instance 24 bytes. The header is utilized to synchronize transmission of data if bytes in a communication between devices are lost or added during transmission. To be able to minimize delay time between devices participating in a transmission of data, incoming data traffic to a device is searched for the latest header, and earlier received data is discarded, whereby the encrypted data always comprises the latest complete incoming header plus data, which is stored in a buffer of a predetermined size for instance of four packets of header plus data. This makes up the so called tunnel for transmission as mentioned above. An established transmission is released if the text CARRIER is a part of incoming data, or when a button for releasing transmission is pushed on the first or second devices; such a button could for instance be the hang up button on a cellular phone, or the hands free button.
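The receive side of the tunnel framing described above can be sketched as follows. This is an added example, not code from the application; the header value 0xA5, the names and the sample frames are assumptions made for illustration, while the 1 byte header, 24 byte payload, four-packet buffer and CARRIER release come from the text.

```python
# Added illustration: receiver for the 1-byte-header + 24-byte-payload framing.
HEADER = 0xA5                    # assumption: the text does not give a header value
PAYLOAD_LEN = 24                 # encrypted bytes per packet (from the text)
FRAME_LEN = 1 + PAYLOAD_LEN
BUFFER_LIMIT = 4 * FRAME_LEN     # buffer of four packets (from the text)
RELEASE_TOKEN = b"CARRIER"       # text that releases the transmission


class TunnelReceiver:
    """Keeps only the latest complete header-plus-data packet."""

    def __init__(self):
        self.buf = bytearray()
        self.released = False

    def feed(self, chunk):
        """Add received bytes; return the newest complete payload or None."""
        if self.released:
            return None
        self.buf += chunk
        if RELEASE_TOKEN in self.buf:
            # Release the transmission and drop anything still buffered.
            self.released = True
            self.buf.clear()
            return None
        if len(self.buf) > BUFFER_LIMIT:
            del self.buf[:len(self.buf) - BUFFER_LIMIT]
        # Search backwards for the latest header that is followed by a full
        # payload; everything received before that packet is discarded.
        # Note: a one-byte header value can also occur inside ciphertext, so
        # a receiver should validate the decrypted payload before acting on it.
        for start in range(len(self.buf) - FRAME_LEN, -1, -1):
            if self.buf[start] == HEADER:
                payload = bytes(self.buf[start + 1:start + FRAME_LEN])
                del self.buf[:start + FRAME_LEN]
                return payload
        return None


def frame(payload):
    """Sender side: prepend the header to one 24-byte encrypted block."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("payload must be exactly 24 bytes")
    return bytes([HEADER]) + payload


def demo():
    """Run the receiver over constructed traffic with lost and added bytes."""
    # Constructed stand-ins for ciphertext blocks (they avoid the header value).
    p1, p2, p3 = (bytes([n]) * PAYLOAD_LEN for n in (1, 2, 3))
    results = {}

    rx = TunnelReceiver()
    damaged = frame(p2)[:10] + frame(p2)[11:]          # one byte lost in transit
    results["lost_byte"] = rx.feed(frame(p1) + damaged + frame(p3))

    rx = TunnelReceiver()
    results["added_byte"] = rx.feed(frame(p1) + b"\x00" + frame(p2))

    rx = TunnelReceiver()
    results["partial"] = rx.feed(frame(p1)[:12])       # packet not yet complete
    results["completed"] = rx.feed(frame(p1)[12:])
    results["after_release"] = (rx.feed(b"NO CARRIER\r\n"), rx.released)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
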
Now summarizing the encryption and key exchange in steps:
1. Establish a data communication between device A to B
2. Check initializing keys. If OK, then proceed to step 3.
3. Device A generates one new key and transmits it to device B.
4. Connection established if the key is recognized by device B.
5. Encryption is on.
In accordance with one embodiment, the first device has cellular phone capacity and the at least one second device also has cellular phone capacity. Alternatively, the first device has cellular phone capacity, and the second device is an entity, see Fig. 4, connected/comprised to/in a POS terminal, whereby a purchase is accomplished through the phone and the entity, utilizing RFID or Bluetooth transmission. Hence, the cellular phone and the second device are provided RFID tags/chips between which a transmission of data is established. Communication between the first and second device can also be established through Bluetooth.
Fig. 1 schematically illustrates one embodiment of a cellular phone 10 in accordance with the present invention. The phone 10 has a unique subscriber telephone number attached to it, herein fictively +4670123456789, identifying the person and/or company having the subscription. Depicted in Fig. 1 is a tag/phone display screen 12, which can be of any type such as a barcode, RFID tag (those are not shown), but they comprise the telephone number to the cellular phone 10 as shown at reference numeral 14. The tag is intended to be scanned/read at a point of sale for connecting the telephone number to a purchase. If a tag 12 is not utilized, a point of sale (POS) terminal comprising a keypad could be utilized to enter the telephone number, +4670123456789, and the PIN code, or a tag or barcode, 2D code or the like could be stored in the cellular phone 10 memory and be re-called to be displayed on the phone 10 screen (not shown). An alternative is to phone the POS with, +4670123456789, to store and connect the phone number to a purchase. This requires that the POS is equipped with a telephone call receiver for this purpose. The PIN code in one embodiment is of the biometric type such as a fingerprint being transmitted to the phone 10 by radiation to a receiver at the POS, or by being displayed on the phone's screen and scanned at the POS.
As the telephone number, +4670123456789, is a unique identifier of a person subscribing to it for instance connecting the address of the person through the subscription it can be utilized to connect all the bank data held by that person together with a personal identity code (PIN code). A person's bank data is schematically illustrated as a set of cards 16 such as smart card, petrol card, debit card, credit card, bank card, shop card and other like cards. Hence, the person's/company's bank data for authorization of payment transfer according to the data, for instance comprised on the cards 16 is stored in a database at a bank server under the database post +4670123456789 in one embodiment of the present invention such as:
Post: +4670123456789
Bank(-ing) authorization data
PIN code
A major idea behind the present invention comprises that a cellular telephone 10 number, +4670123456789, is a unique identifier of the person/company bearing the phone 10. Thus, by calling a predetermined number leading to an acquirer node application (acquire node), and storing the cellular number in an acquirer database at a point of sale, and simultaneously entering the same number at the point of sale, whereby the number called in and the one entered are matched at the acquirer it is secured that the phone owner is identified and granted to make a purchase. This is described more in detail with reference to Fig. 3. The acquire node application acts as a communication device and holds software for accomplishing telephone A-number identification/retrieving it, checking phone numbers, equipment for receiving telephone calls, and other necessary tasks known to a person skilled in the art for acting as an acquirer.
In Fig. 2, schematically illustrated, is one embodiment of a bank card 20 in accordance with the present invention and its identity/authorization data.
The ANSI Standard X4.13-1983 is utilized by many credit card systems. Here are what some of the numbers on the card stand for.
The first digit in a credit-card number signifies the system, 3 - travel/entertainment cards (such as American Express and Diners Club), 4 - Visa, 5 - MasterCard, 6 - Discover Card. The structure of the card number, 4 4, as depicted in Fig. 2 on card 20 varies by system. For example, American Express card numbers start with 37; Carte Blanche and Diners Club with 38. American Express - digits three and four are type and currency, digits five through 11 are the account number, digits 12 through 14 are the card number within the account and digit 15 is a check digit. The Visa - digits two through six are the bank number, digits seven through 12 or seven through 15 are the account number and digit 13 or 16 is a check digit. MasterCard - digits two and three, two through four, two through five or two through six are the bank number (depending on whether digit two is a 1, 2, 3 or other). The digits after the bank number up through digit 15 are the account number, and digit 16 is a check digit, here a 4. The stripe on the back of a credit card is a magnetic stripe, often called a magstripe. There are three tracks on the magstripe. Each track is about one-tenth of an inch wide. The ISO/IEC standard 7811, which is used by banks, specifies that track one is 210 bits per inch (bpi), and holds 79 6-bit plus parity bit read-only characters. The track two is 75 bpi, and holds 40 4-bit plus parity bit characters. Track three is 210 bpi, and holds 107 4-bit plus parity bit characters. A credit card 20 typically uses only tracks one and two. Track three is a read/write track (which includes an encrypted PIN, country code, currency units and amount authorized), but its usage is not standardized among banks.
The information on track one is contained in two formats: A, which is reserved for proprietary use of the card issuer, and B, which includes the following: Start sentinel - one character, format code="B" - one character (alpha only), primary account number - up to 19 characters, separator - one character, country code - three characters, name - two to 26 characters, separator - one character, expiration date or separator - four characters or one character, discretionary data - enough characters to fill out maximum record length (79 characters total), end sentinel - one character, and longitudinal redundancy check (LRC) - one character. LRC is a form of computed check character. The format for track two, developed by the banking industry, is as follows: Start sentinel - one character, primary account number - up to 19 characters, separator - one character, country code - three characters, expiration date or separator - four characters or one character, discretionary data - enough characters to fill out maximum record length (40 characters total), and LRC - one character. For information on the track format, see ISO Magnetic Stripe Card Standards.
There are three basic methods for determining (authentication) whether the credit card will pay for what is charged: merchants with few transactions each month do voice authentication using a touch-tone phone; electronic data capture (EDC) magstripe-card swipe terminals are becoming more common, and so is swiping the card at the checkout; and virtual terminals on the Internet.
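The card-number layout and check digit described above can be checked in code as follows. This is an added example, not part of the application; it assumes the check digit is computed with the Luhn (mod 10) algorithm used for payment card numbers, and the sample numbers are widely published test values, not real accounts.

```python
# Added illustration: split a card number into the fields named in the text
# and verify its final check digit with the Luhn (mod 10) algorithm.
SYSTEMS = {
    "3": "travel/entertainment",
    "4": "Visa",
    "5": "MasterCard",
    "6": "Discover Card",
}


def luhn_valid(number):
    """Return True when the last digit is a correct Luhn check digit."""
    if not (number.isascii() and number.isdigit()):
        return False
    total = 0
    for position, char in enumerate(reversed(number)):
        digit = int(char)
        if position % 2 == 1:        # every second digit, counted from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def parse_card_number(raw):
    """Return the fields of a card number following the layout in the text."""
    number = raw.replace(" ", "").replace("-", "")
    if not (number.isascii() and number.isdigit()):
        raise ValueError("card number must contain digits only")
    info = {
        "system": SYSTEMS.get(number[0], "unknown"),
        "check_digit": number[-1],
        "check_ok": luhn_valid(number),
    }
    if number[0] == "4" and len(number) in (13, 16):
        # Visa: digits 2-6 bank number, then the account number up to the
        # check digit (digit 13 or 16).
        info["bank_number"] = number[1:6]
        info["account_number"] = number[6:-1]
    elif number.startswith("37") and len(number) == 15:
        # American Express: digits 3-4 type and currency, 5-11 account
        # number, 12-14 card number within the account, 15 check digit.
        info["type_and_currency"] = number[2:4]
        info["account_number"] = number[4:11]
        info["card_within_account"] = number[11:14]
    return info


if __name__ == "__main__":
    for sample in ("4111 1111 1111 1111", "378282246310005", "4111111111111112"):
        print(sample, parse_card_number(sample))
```
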
After for instance the cashier or the person purchasing swipes the credit card 20 through a reader, the EDC software at the point-of-sale (POS), see Fig. 3, terminal dials a stored telephone number, utilizing a modem, broadband connection, wireless or other network and equipment known to a person skilled in the art, to call an acquirer. An acquirer is an organization that collects credit-authentication requests from merchants and provides the merchants with a payment guarantee. When an acquirer company receives the credit-card authentication request, it checks the transaction for validity and the record on the magstripe for: Merchant ID, valid card number, expiration date, credit-card limit, card usage.
The "smart" credit card (smart card) is an innovative application that involves all aspects of cryptography (secret codes), not just the authentication described. A smart card 20 has a microprocessor 22 built into the card itself. Cryptography is essential to the functioning of these cards: A user must corroborate his identity to the card each time a transaction is made, in much the same way that a PIN is used with an ATM (Automated Teller Machine). The card and the card reader execute a sequence of encrypted sign/countersign-like exchanges to verify that each is dealing with a legitimate counterpart. Once this has been established, the transaction itself is carried out in encrypted form to prevent anyone, including the cardholder or the merchant whose card reader is involved, from "eavesdropping" on the exchange and later impersonating either party to defraud the system. This elaborate protocol is conducted in such a way that it is invisible to the user, except for the necessity of entering a PIN to begin the transaction.
The chips in these cards are capable of many kinds of transactions. For example, make purchases from a card holder's credit account, debit account or from a stored account value that is reload-able. The enhanced memory and processing capacity of the smart card is many times that of traditional magnetic-stripe cards and can accommodate several different applications on a single card. It can also hold identification information, keep track of participation in an affinity (loyalty) program or provide access to premises. The information described above held by a bank card 20, or smart card 20, 22 is similar to what is expected to be stored under the database post or telephone number, +4670123456789, as bank data/authorization data together with a PIN code, or regarding a smart card 20, 22, this information/data is stored also in a memory, for instance SIM card or internal phone memory, of the cellular phone 10 to be transmitted from a POS to the database holding the post, +4670123456789, for comparison of correctness in accordance with the present invention.
In one preferred embodiment encryption/encoding software is bound/affiliated to a cellular phone's international mobile station equipment identity (IMEI), which is a wireless telecommunication term utilized to identify every specific cellular phone or mobile station. Moreover the present invention introduces a further security or authorization feature by calling the database, through its telephone number here fictively 9876543210, holding the database post with telephone numbers by the phone 10, with telephone number, +4670123456789, similar to making a card purchase at the POS. It is thus checked that the scanned or otherwise transmitted telephone number at the POS is +4670123456789, the same that has called the database, and if so a purchase is granted and the acquirer node sends a signal to the POS that the purchase is granted. This is described through the system of Fig. 3 depicting one embodiment out of several possible following the teaching of the present invention.
Fig. 3 schematically illustrates an embodiment of a system for a POS 30 in accordance with the present invention, herein including a clearing house which is common. The POS 30 system is equipped with a device/puck/pay module 32 in accordance with the present invention comprising a scanner 73 and a terminal 34 for entering PIN codes and other characters through a keypad 35. It can also be equipped and connected to a swipe card slot 31 in one embodiment of the present invention. A customer purchasing at the POS holds his cellular phone 10, with tag 12, to be scanned by the scanner 73 comprised in the device 32, depicted in Fig. 4, or utilizing one of the methods described above to connect the telephone number, +46701234567890, to the purchase, almost simultaneously, the purchaser calls 36, schematically indicated by a GSM base station 38, with the phone 10 bearing the number, +4670123456789, a database server 46, utilizing a predetermined telephone number, here fictively 9876543210, at an acquirer node application 44, where the database server 46 stores the database posts holding telephone numbers that are connected and authorized to make purchases, as for instance +4670123456789 pointing at bank data allowing a purchase of merchandizes, goods, services and the like. The call is registered with the telephone number, +4670123456789, in the database 46. The call can be stored for a limited time, for example, two to five minutes, so that another purchase in a different store is possible. The POS 30 connects to the acquirer node application through one of the networks 40, 42. The connection to the acquirer node 44 could be established by the POS 30 attendant swiping a special card for the store or POS 30 in question opening up the communication for a purchase as it is actually currently accomplished when purchasing by using a bank card, thus emulating a connection as if the purchase was accomplished through a card.
If the phone 10 has stored bank data emulating a smart card, the data has been transmitted for instance when calling the acquirer having telephone number 9876543210.
At the acquirer node 44 it is checked through dedicated software for that purpose that the phone number +4670123456789 from the POS is the same as the one stored when the phone 10 was brought to call 9876543210 to register the phone number +4670123456789 for a purchase, and if so the database is checked that phone 10 holding number +4670123456789 is a registered telephone number allowed to be used for purchases. The PIN code is checked together with bank authorization data. If the purchase is granted by the acquirer a grant message/signal is sent to the POS 30 and the purchase is closed as being correct and granted. This purchase is accomplished more or less as a current purchase with a bank card 20, 22, and very little upgrading of equipment has to be deployed at the POS 30 in order to make a purchase. If the POS 30 utilizes the feature of receiving a call from the phone 10 to connect the purchase with a phone number, +4670123456789, as described above, equipment such as receivers for that purpose are to be installed. It is appreciated that it is known to a person skilled in the art how to detect the phone number, +4670123456789, by A-number identification and CallerID. It is also recognized that the telephone numbers used in the present description are fictive, and that an almost unlimited number of phones can be registered in databases 46 as database post for utilizing the findings of the present invention. In order to settle the accounts between the purchaser and the POS 30 merchant, the acquirer 44 connects through a network 40 a clearing house 48, which settles the accounts by debiting the purchaser account at his/her bank and crediting the merchant at his/her bank through their bank server 50.
Fig. 4 schematically illustrates a block diagram of a device/puck/pay module 32 connected to a POS depicted in Fig. 3 and Fig. 5 in accordance with the present invention. The device 32 comprises a micro controller unit 60, which controls the device 42 tasks. A flash memory 62 is used to store the source code needed to operate the device 32. Moreover, the device 32 comprises at least one of an Rs232, Rs485 interface and a universal bus interface (USB) for connection to external devices such as a POS 30, having ports for such connection. It communicates through at least one of a Bluetooth receiver and/or transmitter 68 and a RFID receiver and/or transmitter 70. An RFID 70 can be of a passive or active type.
The device 32 also comprises a switch 74, for example, a dip switch, which provides easy access to different software for external communication with for instance POS terminals stored in the flash memory 62.
Any purchase through a POS 30 in accordance with the present invention utilizes the same protocols as currently used for backbone communication, i.e., communication utilized beyond the device 32 of the present invention to verify so called card data by for instance utilization of the PCI-DSS standard. Hence, no modification to existing POS is normally necessary if the POS has interfaces adapted to receive communication through USB, Rs232, and Rs485 ports, or other similar known communication ports. Hence, the radio operated device 32, the second device in the attached claims 1 to 6, is adapted to at least one of receiving and transmitting encrypted data, from and/or to a cellular phone 10, 11 comprising an RFID tag or chip and/or a Bluetooth chip. Encryption and/or encoding is accomplished and supported by having technology for Blowfish and Diffie-Hellman stored in the flash memory 64, operated in accordance with the inventive method described above. The RFID chip in the cellular phone 10, 11 can be of the strip type, as a chip attached in the cellular phone or as a chip integrated in the cellular phone SIM card (Subscriber Identity Module).
In one alternative embodiment depicted through Fig. 6, the device 32 comprises a bar code and/or 2D code generator generating a new code every time a purchase at a POS 30 is accomplished, which is transmitted to the cellular phone 10, 11 to be displayed and scanned by a code scanner connected to or comprised in the device 32 at the next purchase as depicted in Fig. 6. A purchase made through a cellular phone 10, 11 can be confirmed by entering a PIN code at the POS 30 through a key pad 34 as is made currently when purchasing or registering with cards 16. In another embodiment, the device 32 is equipped with cellular radio capabilities such as GSM, GSM/3G or the like. If the device 32 is equipped with a PCMCIA slot and card 76 such cellular radio communication can be provided through the PCMCIA card 76, or alternatively with a USB device providing radio communication (not shown). Cellular communication can also be provided by integrating it to the device 32 (not shown). Fig. 5 and 6 schematically illustrate a system according to Fig. 3, wherein a cellular phone 10 and a database 46 comprise the same unit/program 52 generating barcodes 13 or 2D codes or like codes known to a person skilled in the art. A main embodiment of the present invention thus provides that a cellular phone 10 comprises a barcode generator generating barcodes 13 in the phone display 12 with the use of encryption keys provided to a database 46 and the phone memory unit 52, comprising the same barcode generator and encryption key in a data post bearing the phone number, +4670123456789 or referring to it, of the cellular phone 10 mentioned. Hence, the same barcode 13 is generated in both the cellular phone 10 and the database 46 (indicated by a broken line connector in Fig. 
4 at any predetermined given time period for matching when purchasing at a POS 30 equipped with a card slot swipe 31, through the barcode 13 presented in the cellular phone display 12, thus preventing forgery for example by taking a footage of the barcode 13, only being valid at one POS purchase, presented in the display 12 together with the specific phone number for the phone, also stored in the database for matching as described above. In one embodiment the phone number, +4670123456789, is always present within the barcode 13, but the barcode 13 is differently generated for every purchase at a POS 30 or the like by the utilization of a key for instance 1280 as depicted in Fig. 6, as mentioned, or other known encryption technique known to a person skilled in the art.
In another embodiment the key could be generated by the encryption program in the database when registering the cellular phone 10 number, +4670123456789 in accordance with the present invention and sent to the phone 10 memory unit 52, which produces the same barcode 13 as the database for a matching as described above through the key.
In a further embodiment the key can be entered in the database at any given time, i.e., allowing changes of the key, as well as it is registered in the phone memory unit 52 in order to let the memory unit 52 and database 46 produce the same barcode 13. The cellular phone 10 memory unit 52 can reside in the phone SIM card or in an internal phone 10 memory.
As mentioned the barcode 13 can be simultaneously generated in the phone bar code generator software and the database 46, thus matching each other to enable a purchase. This generating of a barcode could be synchronized to occur at every purchase or at a predetermined time, determined by for instance a timer, not shown, to further inhibit forgery of the barcode 13 as the time for generation of a barcode can be arbitrarily accomplished.
In one embodiment, the barcode generator and/or key can be transmitted to the phone memory unit 52 when registering the phone number, +04670123456789, for purchase at a POS as described above.
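The matching of a per-purchase barcode between the phone and the database post, and the rejection of a photographed barcode, can be illustrated as follows. This is an added example, not the generator of the application: it swaps in HOTP (RFC 4226, HMAC-SHA1 over a purchase counter) as the keyed code generator, and the payload format, class and function names and the demo key (the RFC 4226 test key) are assumptions.

```python
# Added illustration: phone and database derive the same code from a shared
# key; the database accepts each code once, so a copied barcode is rejected.
import hashlib
import hmac
import struct

PHONE_NUMBER = "+4670123456789"      # fictive number used in the text
DEMO_KEY = b"12345678901234567890"   # RFC 4226 test key, demo use only


def hotp(key, counter, digits=6):
    """HOTP value (RFC 4226) for one counter step."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def barcode_payload(phone, key, counter):
    """Phone side: the phone number is always present, the code changes."""
    return f"{phone}:{hotp(key, counter)}"


class DatabasePost:
    """Database side: one post per phone number, holding key and counter."""

    def __init__(self, phone, key):
        self.phone = phone
        self.key = key
        self.counter = 0             # advanced after every accepted purchase

    def verify(self, scanned):
        """Accept a scanned payload only if it matches the current step."""
        phone, separator, code = scanned.partition(":")
        if not separator or phone != self.phone:
            return False
        expected = hotp(self.key, self.counter)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False
        self.counter += 1            # the accepted code can never be reused
        return True


def demo():
    """One purchase, a replay of the same barcode, then the next purchase."""
    post = DatabasePost(PHONE_NUMBER, DEMO_KEY)
    phone_counter = 0
    first = barcode_payload(PHONE_NUMBER, DEMO_KEY, phone_counter)
    first_ok = post.verify(first)
    phone_counter += 1               # phone moves on after the purchase
    replay_ok = post.verify(first)   # photographed copy of the first barcode
    second = barcode_payload(PHONE_NUMBER, DEMO_KEY, phone_counter)
    second_ok = post.verify(second)
    other_phone_ok = post.verify("+4670000000000:" + hotp(DEMO_KEY, post.counter))
    return first, first_ok, replay_ok, second_ok, other_phone_ok


if __name__ == "__main__":
    print(demo())
```
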
Register your cellular phone number at a server for withdrawing cash. The phone number is connected to your bank account particulars. Receive a PIN code, and now it is possible to withdraw cash from an ATM 80. Equip your phone with an RFID tag comprising at least your phone number. Call the server 46, for example, from at home, when you would like to withdraw cash from your account. Visit an ATM, which is equipped with an RFID receiver 70 device 32, hold the RFID tag in front of the receiver. Thereafter, type your PIN code and you are connected to withdraw cash as you would have been when utilizing a card 16. Refer to Fig. 7, 8, 9, and 10 for ATM 80 cash withdrawal. The globe 82 in Fig. 7 indicates that it is possible to withdraw cash anywhere in accordance with one embodiment of the present invention.
Alternatively, without RFID attached to ATM, visit an ATM 80, and make a click on the ATM screen or a specific button, to enter that you would like to withdraw by a cellular account. Enter your telephone number and PIN code and retrieve the cash. You are now connected to withdraw cash as you would have been when utilizing a card.
Another alternative for withdrawing cash from an ATM, call the server with your cellular phone 10, 11 and place a sum (prepay) to be retrieved from an ATM 80, for instance $ 1000. This amount can be withdraw at one ATM visit, or smaller sums at several ATM visits.
A further alternative to withdraw cash from an ATM 80 at a remote place for instance a foreign city involves transfer of cash from one cellular phone 10 to another cellular phone 11 , see Fig. 10. Consider that you have a child or other person you trust that is in need of cash, but being on vacation, traveling, living in another city, which is depicted as a map 84 in Fig. 10. Call the server with your cellular phone 10 and place a sum (prepay) to be retrieved from an ATM 80, for instance $ 1000, and receive a one time PIN code. Provide your child the PIN code through, for example, a cellular phone call. The child visits an ATM 80, and enters your cellular phone number and the one time PIN code and retrieves the cash $ 1000. If you trust the person they could be provided your regular PIN code.
The above depicts some examples of cellular phone ATM retrieval. A skilled person thus is aware of several other possible ATM cash retrievals being aware of the above concepts.
The present invention is not limited to given examples and embodiments, but to what a person skilled in the art can derive from the attached set of claims.

Claims
1. A system comprising a first radio operated device (10, 11), and at least one second radio operated device (10, 11, 32) adapted to at least one of receiving and transmitting encrypted data between each other by establishing a data connection, characterized in that said first and at least second device (10, 11, 32) comprise: an encryption algorithm in a memory (72); a key exchange protocol to provide a final key which activates said encryption algorithm to encrypt in said devices (10, 11, 32); a random multiple integer start value generator, continuously incrementing said integer in a loop for such a purpose; said continuously incremented integer being a random start value received by said key exchange protocol at the moment of a transmission being established by one of said devices (10, 11, 32), utilized by said key exchange as a first key, at least one second key is hard coded and provided said key exchange protocol to identify the type approved of said first and second device reception through identification numbers; said key exchange protocol utilizing said first, and second key to create said final key to start said encryption algorithm; after agreement through hand shaking of said final key, provided by said key exchange protocol, by said first (10, 11) and second devices (10, 11, 32) through a radio communication, said encryption algorithm starts encrypting an established transmission of data between said first and at least one second device (10, 11, 32); transmitted data is packed as a header of a predetermined number of bytes plus encrypted data of a predetermined number of bytes, said header being utilized to synchronize transmission of data if bytes in a communication between devices (10, 11, 32) are lost or added; and to minimize delay time between devices (10, 11, 32) participating in a transmission of data, incoming data traffic is searched for the latest header, and earlier received data is discarded, whereby the encrypted data always comprises the latest complete incoming header plus data.
2. A system according to claim 1, wherein an established transmission is released if the text CARRIER is a part of incoming data, or when a button for releasing transmission is pushed on said first or second devices (10, 11, 32).
3. A system according to claim 1, wherein said first device (10, 11) has cellular phone capacity and said at least one second device has cellular phone capacity (10, 11).
4. A system according to claim 1, wherein said first device has cellular phone capacity (10, 11), and said second device (32) is an entity connected/comprised to/in a POS terminal (30), whereby a purchase is accomplished through said phone (10, 11) and said second device (32), utilizing RFID or Bluetooth transmission.
5. A system according to claims 3 or 4, wherein said cellular phone (10, 11) and said second device (32) are provided RFID tags/chips between which a transmission of data is established.
6. A system according to claims 3 or 4, wherein communication between said first (10, 11) and second device (32) is established through Bluetooth.
7. A system according to claims 3 or 4, wherein encryption/encoding software is bound/affiliated to a cellular phone's (10, 11) international mobile station equipment identity.
8. A system according to claim 1, wherein a changeable device user third key is input by said user to said key exchange protocol in order to swap between said at least one second hard coded key to change the identified type approved such as card type, company and organization defined by different identification numbers.
9. A radio operated device (32), the second device in claims 1 to 8, adapted to at least one of receiving and transmitting encrypted data by establishing a data connection, characterized in that it comprises: a micro controller unit (60), controlling said device (32); a memory (74) for storing software comprising: an encryption algorithm; a key exchange protocol to receive a key which activates said encryption algorithm in said device (32); after agreement through hand shaking of said key, provided by said key exchange protocol, by an external device (10, 11) to said device (32) through a radio communication, said encryption algorithm starts encrypting an established transmission of data from said external device (10, 11); transmitted data is packed as a header of a predetermined number of bytes plus encrypted data of a predetermined number of bytes, said header being utilized to synchronize transmission of data if bytes in a communication between devices (10, 11, 32) are lost or added; and to minimize delay time between devices (10, 11, 32) participating in a transmission of data, incoming data traffic is searched for the latest header, and earlier received data is discarded, whereby the encrypted data always comprises the latest complete incoming header plus data, which is stored in a buffer of a predetermined size; said second device further comprising: an interface (64, 66) adapted to connect a point of sale (30) to said device (32) to establish communication with financial institutes through common protocols utilized when swiping at least one of a magstrip card and utilizing a smart card chip in a slot for that purpose; at least one of a RFID receiver and a Bluetooth receiver (68, 70) adapted to receive encrypted data communication from an external device (10, 11); and said software, said receiver (68, 70), and said interface (64, 66) being controlled by said micro controller unit (60).
10. A device according to claim 9, wherein a switch (74) is attached, and utilized to provide the proper source code to said device (32).
11. A device according to claim 9, wherein it comprises a bar code generator (72), which generates a new bar code (13) to be transmitted to said external device (10, 11) after a purchase at a point of sale (30), said bar code (13) being displayed in a display screen (12) at said external device (10, 11) to be scanned at a point of sale (30) at a next purchase through a bar code scanner (73) to permit or object to the purchase made.
12. A device according to claims 9 or 11, wherein said device is connected to or comprises a bar code scanner (73).
13. A device according to claim 9, wherein said device (32) is comprised in or attached to an automatic teller machine (80), whereby it permits or objects to withdrawal of funds from said machine (80).
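The receive-side behaviour recited in claims 1, 2 and 9 (fixed-size header plus fixed-size encrypted data, search for the latest header, discard earlier data, bounded buffer, release on the text CARRIER) can be sketched as follows. This is an added example, not code from the patent; the header bytes, the payload length, the buffer size and the class name are assumptions.

```python
HEADER = b"\x7e\x81\x5a\xc3"        # assumed header pattern (4 bytes)
PAYLOAD_LEN = 16                    # assumed size of the encrypted data
FRAME_LEN = len(HEADER) + PAYLOAD_LEN
BUFFER_MAX = 4 * FRAME_LEN          # assumed "buffer of a predetermined size"

class FrameReceiver:
    def __init__(self) -> None:
        self.buf = bytearray()
        self.released = False

    def feed(self, chunk: bytes):
        """Add received bytes; return the newest complete payload or None."""
        if self.released:
            return None
        self.buf += chunk
        if b"CARRIER" in self.buf:          # claim 2: release the transmission
            self.released = True
            self.buf.clear()
            return None
        # The latest header that still has a whole payload behind it must end
        # at or before this offset.
        limit = max(len(self.buf) - PAYLOAD_LEN, 0)
        idx = self.buf.rfind(HEADER, 0, limit)
        if idx < 0:
            # No complete frame yet: keep only the tail so the buffer is bounded.
            if len(self.buf) > BUFFER_MAX:
                del self.buf[:-BUFFER_MAX]
            return None
        payload = bytes(self.buf[idx + len(HEADER): idx + FRAME_LEN])
        # Everything up to and including this frame is dropped: older frames,
        # fragments left by lost bytes, and stray added bytes.
        del self.buf[:idx + FRAME_LEN]
        return payload

if __name__ == "__main__":
    old, new = bytes(range(16)), bytes(range(16, 32))   # constructed payloads
    rx = FrameReceiver()
    # Six bytes of the first frame were lost in transit; the receiver
    # resynchronises on the second header and returns only the newest data.
    print(rx.feed(HEADER + old[:10] + HEADER + new) == new)
```

Because the header pattern can also occur by chance inside encrypted data, a receiver built this way should check the integrity of each payload after decryption rather than trust the framing alone.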
PCT/SE2008/000046 2007-01-19 2008-01-21 Pos module WO2008105703A1 (en)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
SE0700122-5 2007-01-19
SE0700122 2007-01-19
SE0702829 2007-12-19
SE0702829-3 2007-12-19
US629307A 2007-12-26 2007-12-26
US12/006,293 2007-12-26

Publications (1)

Publication Number Publication Date
WO2008105703A1 (en) 2008-09-04

Family

ID=39721479

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2008/000046 WO2008105703A1 (en) 2007-01-19 2008-01-21 Pos module

Country Status (1)

Country Link
WO (1) WO2008105703A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4200770A (en) * 1977-09-06 1980-04-29 Stanford University Cryptographic apparatus and method
WO2001037200A1 (en) * 1999-11-15 2001-05-25 C-Sam, Inc. Point of sale and display adapter for electronic transaction device
WO2002086785A1 (en) * 2001-04-23 2002-10-31 Secubay Corp. The electronic settlement system, electronic settlement method and cash paying method using lcd barcode displayed on mobile terminal
GB2384403A (en) * 2002-01-17 2003-07-23 Toshiba Res Europ Ltd Establishing secure data transmission links using the Diffie-Hellman key exchange protocol and public key cryptography
US20040083368A1 (en) * 2002-10-24 2004-04-29 Christian Gehrmann Secure communications
WO2006125296A1 (en) * 2005-05-27 2006-11-30 Gaba Holdings International, Inc. Consumer-centric rfid point of sale transaction system and method

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8275364B2 (en) 2008-01-04 2012-09-25 Logomotion, S.R.O. Systems and methods for contactless payment authorization
US8737983B2 (en) 2008-03-25 2014-05-27 Logomotion, S.R.O. Method, connection and data carrier to perform repeated operations on the key-board of mobile communication device
US9054408B2 (en) 2008-08-29 2015-06-09 Logomotion, S.R.O. Removable card for a contactless communication, its utilization and the method of production
US8799084B2 (en) 2008-09-19 2014-08-05 Logomotion, S.R.O. Electronic payment application system and payment authorization method
US9098845B2 (en) 2008-09-19 2015-08-04 Logomotion, S.R.O. Process of selling in electronic shop accessible from the mobile communication device
WO2010032216A1 (en) * 2008-09-19 2010-03-25 Logomotion, S.R.O. The electronic payment application system and payment authorization method
RU2520392C2 (en) * 2008-09-19 2014-06-27 Логомотион, С.Р.О. Electronic payment system and payment authorisation method
US9081997B2 (en) 2008-10-15 2015-07-14 Logomotion, S.R.O. Method of communication with the POS terminal, the frequency converter for the post terminal
US8500008B2 (en) 2009-04-24 2013-08-06 Logomotion, S.R.O Method and system of electronic payment transaction, in particular by using contactless payment means
US8406809B2 (en) 2009-05-03 2013-03-26 Logomotion, S.R.O. Configuration with the payment button in the mobile communication device, the way the payment process is started
US8606711B2 (en) 2009-05-03 2013-12-10 Logomotion, S.R.O. POS payment terminal and a method of direct debit payment transaction using a mobile communication device, such as a mobile phone
US8583493B2 (en) 2009-05-03 2013-11-12 Logomotion, S.R.O. Payment terminal using a mobile communication device, such as a mobile phone; a method of direct debit payment transaction
US10332087B2 (en) 2009-05-03 2019-06-25 Smk Corporation POS payment terminal and a method of direct debit payment transaction using a mobile communication device, such as a mobile phone
EP2442266A1 (en) * 2010-10-18 2012-04-18 NCR Corporation Disparate barcode transaction processing
WO2015126333A1 (en) * 2014-02-21 2015-08-27 Global Exchange Payments, Se Method of electronic cashless payment through a unique identifier created offline

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 08705219; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 08705219; Country of ref document: EP; Kind code of ref document: A1)