[go: up one dir, main page]

US20190043040A1 - Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission - Google Patents

Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission Download PDF

Info

Publication number
US20190043040A1
US20190043040A1 US16/040,628 US201816040628A US2019043040A1 US 20190043040 A1 US20190043040 A1 US 20190043040A1 US 201816040628 A US201816040628 A US 201816040628A US 2019043040 A1 US2019043040 A1 US 2019043040A1
Authority
US
United States
Prior art keywords
mobile electronic
access permission
electronic device
server
link
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US16/040,628
Inventor
Anders MALMBORG
Vaijayanthi Mala JAYAPRAKASH
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Skidata GmbH
Original Assignee
Skidata GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Skidata GmbH filed Critical Skidata GmbH
Assigned to SKIDATA AG reassignment SKIDATA AG ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MALMBORG, Anders, JAYAPRAKASH, VAIJAYANTHI MALA
Publication of US20190043040A1 publication Critical patent/US20190043040A1/en
Priority to US18/343,436 priority Critical patent/US12008546B2/en
Priority to US18/738,495 priority patent/US20250021964A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/351Virtual cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the present invention relates to a method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission.
  • the object of the present invention is to specify a method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, the use of which excludes the possibility of misuse of the access permission while at the same time ensuring the facility for transmitting the electronic access permission to another mobile electronic device of an authorized person.
  • a method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, wherein in said method an electronic access permission is purchased by means of an interaction with a server, wherein during the purchase of the electronic access permission by a buyer, a password or authentication data and a mobile electronic device are specified, wherein the electronic access permission is transmitted from the server to the mobile electronic device by means of a link for downloading the access permission.
  • a unique ID of the mobile electronic device is transmitted to the server, which is associated with an ID of the acquired access permission, wherein a transmission of the electronic access permission from the first mobile electronic device to another mobile electronic device takes place only after the input of the password specified by the purchaser of the access permission, and/or input of the authentication data specified by the buyer of the access permission by means of an interaction with the server, wherein on completion of the transfer the access permission ID is associated with the ID of the other mobile electronic device in the server, and the server marks the access permission stored on the first mobile electronic device as invalid.
  • a wallet application installed on the mobile device activates the link and in order to download the acquired access permission a unique ID of the mobile electronic device is transmitted to the server, wherein it is verified in the server whether an ID of the acquired access permission is associated with the transmitted unique ID of the mobile electronic device, wherein if this is not the case, the access permission ID and the unique ID of the mobile electronic device are associated with each other and the electronic access permission is then downloaded.
  • the wallet application of the mobile electronic device In the event that the electronic access permission is to be transferred from one mobile electronic device to another mobile electronic device, the wallet application of the mobile electronic device, whose unique ID is associated with the access permission ID, transmits a link for downloading the access permission to the other mobile electronic device, wherein the wallet application of the other mobile electronic device activates the link and transmits a unique ID of the other mobile electronic device to the server.
  • the server sends a link to the other mobile electronic device, the activation of which by the wallet application leads to an input screen for either the password specified by the purchaser of the access permission or for the authentication data specified by the purchaser of the access permission, wherein if the password is valid or the authentication data are valid, the access permission ID is associated with the ID of the other mobile electronic device in the server and the electronic access permission is downloaded to the other mobile electronic device.
  • the access permission stored on the first mobile electronic device is marked by the server as invalid, preferably by means of a push message to the wallet application, wherein the association of the ID of the first mobile electronic device with the electronic access permission is deleted and the corresponding data are stored on the server.
  • the design according to the invention provides a method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, the activation of which ensures that an access permission can only be transferred to another mobile electronic device if this is a mobile electronic device of an authorized person.
  • an access permission is to be transferred from one mobile electronic device to another mobile electronic device, i.e. if the access permission ID has already been associated with a unique ID of a mobile electronic device, then on the basis of the number of the completed associations from the access permission ID to unique IDs of mobile electronic devices it is verified how often the access permission has already been transferred, wherein if the number of completed transfers has reached a predefined threshold value, no further transfer is possible.
  • FIGURE shows a sequence diagram to illustrate the main features of the method according to the invention.
  • an electronic access permission is purchased by a buyer 1 by means of an interaction with a server 2 (step 1 ), wherein when the electronic access permission is purchased by the buyer a password or authentication data is specified.
  • step 2 the electronic access permission is transferred from the server 1 to a mobile electronic device 3 specified during the purchase of the access permission, by means of a link for downloading the access permission, wherein a wallet application installed on the mobile device 3 activates the link and in order to download the acquired access permission, a unique ID of the mobile electronic device is transmitted to the server 2 (step 3 ), wherein it is verified in the server 2 whether an ID of the acquired access permission is associated with the transmitted unique ID of the mobile electronic device 3 , wherein if this is not the case, the access permission ID and the unique ID of the mobile electronic device 3 are associated with each other (step 4 ) and the electronic access permission is then downloaded.
  • the wallet application of the mobile electronic device 3 transmits a link for downloading the access permission to the other mobile electronic device 4 (step 6 ), wherein the wallet application of the other mobile electronic device 4 activates the link (step 7 ) and transmits a unique ID of the other mobile electronic device 4 to the server 2 .
  • the server 2 sends a link to the other mobile electronic device 4 (step 8 ), the activation of which by the wallet application leads to an input screen for entering either the password specified by the purchaser of the access permission or for the authentication data specified by the purchaser of the access permission (step 9 ), wherein if the password is valid or the authentication data is valid, the access permission ID is associated with the ID of the other mobile electronic device 4 in the server 2 , and the electronic access permission is downloaded to the other mobile electronic device 4 .
  • the access permission stored on the first mobile electronic device 3 is then marked by the server 2 as invalid (step 11 ), preferably by means of a push message to the wallet application.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method for preventing misuse of electronic access permissions, managed in mobile electronic devices using a wallet application and transmitted by a server. A link is purchased from the server (2), during which a password or authentication data and a mobile electronic device, are specified via the link. When activating the link, a unique ID of the first mobile electronic device (3), which is associated with an ID of the purchased access permission, is transmitted to the server (2). The electronic access permission is only transferable from the first mobile electronic device (3) to another mobile electronic device (4) after the password is first entered with the server (2). Upon successful transfer, in the server (2) the access permission ID is now associated with the ID of the other mobile electronic device (4) and the access permission stored on the first mobile electronic device (3) is marked as invalid.

Description

  • This application claims priority from European patent application serial no. 17185122.3 filed Aug. 7, 2017.
    • FIELD OF THE INVENTION
  • The present invention relates to a method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission.
    • BACKGROUND OF THE INVENTION
  • From the prior art it is known to store and manage electronic access permissions, for example by means of so-called wallet applications on mobile electronic devices, such as smartphones and tablets. In this case it is possible, for example, by means of the IOS “Wallet” app, to forward electronic access permissions to other mobile electronic devices. This increases the convenience for the user, in the case where an authorized person would like to use a new mobile electronic device; on the other hand, this technique can allow personal electronic access permissions to be “borrowed”, thereby allowing a misuse of these access permissions.
    • SUMMARY OF THE INVENTION
  • The object of the present invention is to specify a method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, the use of which excludes the possibility of misuse of the access permission while at the same time ensuring the facility for transmitting the electronic access permission to another mobile electronic device of an authorized person.
  • This object is achieved by the features of the independent claim(s). Further configurations according to the invention and advantages are apparent from the dependent claims.
  • Consequently, a method is proposed for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, wherein in said method an electronic access permission is purchased by means of an interaction with a server, wherein during the purchase of the electronic access permission by a buyer, a password or authentication data and a mobile electronic device are specified, wherein the electronic access permission is transmitted from the server to the mobile electronic device by means of a link for downloading the access permission.
  • According to the invention, in implementing the link for downloading the purchased access permission a unique ID of the mobile electronic device is transmitted to the server, which is associated with an ID of the acquired access permission, wherein a transmission of the electronic access permission from the first mobile electronic device to another mobile electronic device takes place only after the input of the password specified by the purchaser of the access permission, and/or input of the authentication data specified by the buyer of the access permission by means of an interaction with the server, wherein on completion of the transfer the access permission ID is associated with the ID of the other mobile electronic device in the server, and the server marks the access permission stored on the first mobile electronic device as invalid.
  • In the context of one design of the invention, after the transmission of the link for downloading the access permission to the mobile electronic device, a wallet application installed on the mobile device activates the link and in order to download the acquired access permission a unique ID of the mobile electronic device is transmitted to the server, wherein it is verified in the server whether an ID of the acquired access permission is associated with the transmitted unique ID of the mobile electronic device, wherein if this is not the case, the access permission ID and the unique ID of the mobile electronic device are associated with each other and the electronic access permission is then downloaded.
  • In the event that the electronic access permission is to be transferred from one mobile electronic device to another mobile electronic device, the wallet application of the mobile electronic device, whose unique ID is associated with the access permission ID, transmits a link for downloading the access permission to the other mobile electronic device, wherein the wallet application of the other mobile electronic device activates the link and transmits a unique ID of the other mobile electronic device to the server.
  • According to the invention, it is verified in the server whether an association of the access permission ID with a unique ID of another mobile electronic device exists, wherein if this is the case, the server sends a link to the other mobile electronic device, the activation of which by the wallet application leads to an input screen for either the password specified by the purchaser of the access permission or for the authentication data specified by the purchaser of the access permission, wherein if the password is valid or the authentication data are valid, the access permission ID is associated with the ID of the other mobile electronic device in the server and the electronic access permission is downloaded to the other mobile electronic device.
  • Then, the access permission stored on the first mobile electronic device is marked by the server as invalid, preferably by means of a push message to the wallet application, wherein the association of the ID of the first mobile electronic device with the electronic access permission is deleted and the corresponding data are stored on the server.
  • The design according to the invention provides a method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, the activation of which ensures that an access permission can only be transferred to another mobile electronic device if this is a mobile electronic device of an authorized person.
  • In the context of an extension of the invention, if an access permission is to be transferred from one mobile electronic device to another mobile electronic device, i.e. if the access permission ID has already been associated with a unique ID of a mobile electronic device, then on the basis of the number of the completed associations from the access permission ID to unique IDs of mobile electronic devices it is verified how often the access permission has already been transferred, wherein if the number of completed transfers has reached a predefined threshold value, no further transfer is possible.
    • BRIEF DESCRIPTION OF THE DRAWING
  • In the following, an example of the invention is described in greater detail on the basis of the attached FIGURE, which shows a sequence diagram to illustrate the main features of the method according to the invention.
    •  DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • Referring to the attached FIGURE, at the start of the method an electronic access permission is purchased by a buyer 1 by means of an interaction with a server 2 (step 1), wherein when the electronic access permission is purchased by the buyer a password or authentication data is specified. Then (step 2), the electronic access permission is transferred from the server 1 to a mobile electronic device 3 specified during the purchase of the access permission, by means of a link for downloading the access permission, wherein a wallet application installed on the mobile device 3 activates the link and in order to download the acquired access permission, a unique ID of the mobile electronic device is transmitted to the server 2 (step 3), wherein it is verified in the server 2 whether an ID of the acquired access permission is associated with the transmitted unique ID of the mobile electronic device 3, wherein if this is not the case, the access permission ID and the unique ID of the mobile electronic device 3 are associated with each other (step 4) and the electronic access permission is then downloaded.
  • If the electronic access permission is to be transferred from one mobile electronic device 3 to another mobile electronic device 4, i.e., if the access permission ID has already been associated with a unique ID of a mobile electronic device 3, then after initiation of the process by the owner of the mobile electronic device 3 (step 5) with whose unique ID the access permission ID is associated, the wallet application of the mobile electronic device 3, with whose unique ID the access permission ID is associated, transmits a link for downloading the access permission to the other mobile electronic device 4 (step 6), wherein the wallet application of the other mobile electronic device 4 activates the link (step 7) and transmits a unique ID of the other mobile electronic device 4 to the server 2.
  • It is then verified in the server 2 whether an association of the access permission ID with a unique ID of another mobile electronic device exists, wherein if this is the case, the server 2 sends a link to the other mobile electronic device 4 (step 8), the activation of which by the wallet application leads to an input screen for entering either the password specified by the purchaser of the access permission or for the authentication data specified by the purchaser of the access permission (step 9), wherein if the password is valid or the authentication data is valid, the access permission ID is associated with the ID of the other mobile electronic device 4 in the server 2, and the electronic access permission is downloaded to the other mobile electronic device 4.
  • The access permission stored on the first mobile electronic device 3 is then marked by the server 2 as invalid (step 11), preferably by means of a push message to the wallet application.

Claims (3)

1. A method for preventing misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, the method comprising:
purchasing an electronic access permission by an interaction with a server (2),
specifying, during the purchase of the electronic access permission by a purchaser (1), a password or authentication data and a mobile electronic device, to which the electronic access permission is transmitted by the server (1) via a link for downloading the access permission,
when activating the link for downloading the purchased access permission, transmitting a unique ID of the mobile electronic device (3) to the server (2), which is associated with an ID of the purchased access permission,
only transferring the electronic access permission from the mobile electronic device (3) to another mobile electronic device (4) after the password specified by the purchaser of the access permission or the authentication data specified by the purchaser of the access permission is first entered by means of an interaction with the server (2), and
upon successful transfer, associating the access permission ID with the ID of the other mobile electronic device (4) in the server (2) and marking the access permission, stored on the first mobile electronic device (3), via the server (2) as invalid.
2. A method for preventing misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, according to claim 1, further comprising, after transferring the link for downloading the access permission to the mobile electronic device (3), a wallet application which is installed on the mobile device (3) activates the link and in order to download the acquired access permission, transmits a unique ID of the mobile electronic device to the server (2),
verifying in the server (2) whether an ID of the acquired access permission is associated with the transmitted unique ID of the mobile electronic device (3),
if this is not the case, associating the access permission ID and the unique ID of the mobile electronic device (3) with each other and the electronic access permission is then downloaded, and
if an electronic access is to be transmitted from one mobile electronic device (3) to another mobile electronic device (4), after initiation of the process by an owner of the mobile electronic device (3) with whose unique ID the access permission ID is associated, the wallet application of the mobile electronic device (3), with whose unique ID the access permission ID is associated, transmitting a link for downloading the access permission to the other mobile electronic device (4),
the wallet application of the other mobile electronic device (4) activating the link and transmitting a unique ID of the other mobile electronic device (4) to the server (2), whereupon a check is made in the server (2) as to whether an association exists between the ID of the access permission to be transferred with a unique ID of another mobile electronic device,
if this is the case, sending a link by the server (2) to the other mobile electronic device (4), the execution of which link by the wallet application leads to an input screen for either the password specified by the purchaser of the access permission or for the authentication data specified by the purchaser of the access permission,
if the password is valid or the authentication data are valid, associating the access permission ID with the ID of the other mobile electronic device (4) in the server (2) and downloading the electronic access permission to the other mobile electronic device (4).
3. A method for preventing misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application, and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission, according to claim 1, further comprising:
if an access permission is to be transferred from one mobile electronic device (3) to another mobile electronic device (4), so that the access permission ID has already been associated with a unique ID of a mobile electronic device (3), then on a basis of a number of a completed associations between the access permission ID and unique IDs of mobile electronic devices, verifying how often the access permission has already been transferred, and
if the number of completed transfers has reached a predefined threshold value, preventing further transfer.
US16/040,628 2017-08-07 2018-07-20 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission Abandoned US20190043040A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US18/343,436 US12008546B2 (en) 2017-08-07 2023-06-28 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission
US18/738,495 US20250021964A1 (en) 2017-08-07 2024-06-10 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP17185122.3 2017-08-07
EP17185122.3A EP3442249B1 (en) 2017-08-07 2017-08-07 Method of preventing unauthorised use of electronic access rights which can be managed in mobile electronic devices by means of a wallet application, which can be transferred to the mobile electronic devices from a server by means of a link for downloading the access rights

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/343,436 Continuation US12008546B2 (en) 2017-08-07 2023-06-28 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission

Publications (1)

Publication Number Publication Date
US20190043040A1 true US20190043040A1 (en) 2019-02-07

Family

ID=59564116

Family Applications (3)

Application Number Title Priority Date Filing Date
US16/040,628 Abandoned US20190043040A1 (en) 2017-08-07 2018-07-20 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission
US18/343,436 Active US12008546B2 (en) 2017-08-07 2023-06-28 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission
US18/738,495 Pending US20250021964A1 (en) 2017-08-07 2024-06-10 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission

Family Applications After (2)

Application Number Title Priority Date Filing Date
US18/343,436 Active US12008546B2 (en) 2017-08-07 2023-06-28 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission
US18/738,495 Pending US20250021964A1 (en) 2017-08-07 2024-06-10 Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission

Country Status (19)

Country Link
US (3) US20190043040A1 (en)
EP (1) EP3442249B1 (en)
JP (1) JP6559854B2 (en)
KR (1) KR102166671B1 (en)
CN (1) CN109388939B (en)
AR (1) AR112926A1 (en)
AU (1) AU2018204447B2 (en)
CA (1) CA3009682C (en)
CL (1) CL2018002088A1 (en)
CO (1) CO2018008254A1 (en)
DK (1) DK3442249T3 (en)
ES (1) ES2739206T3 (en)
HU (1) HUE044680T2 (en)
MX (1) MX376967B (en)
MY (1) MY186187A (en)
PL (1) PL3442249T3 (en)
RU (1) RU2697731C1 (en)
TW (1) TWI684883B (en)
ZA (1) ZA201803822B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11727145B1 (en) 2022-06-10 2023-08-15 Playback Health Inc. Multi-party controlled transient user credentialing for interaction with patient health data
US20240106651A1 (en) * 2022-09-22 2024-03-28 The Everest Project LLC Method of exiting a non-fungible token blockchain

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE543959C2 (en) 2019-12-06 2021-10-05 Codiqo Ab A Digital, Personal and Secure Electronic Access Permission
CN114926929B (en) * 2021-12-31 2023-11-24 杭州晨鹰军泰科技有限公司 Method and device for processing entry and exit of key area, electronic equipment and storage medium

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010032312A1 (en) * 2000-03-06 2001-10-18 Davor Runje System and method for secure electronic digital rights management, secure transaction management and content distribution
US20030149662A1 (en) * 2000-02-10 2003-08-07 Jon Shore Apparatus, systems and methods for wirelessly transacting financial transfers , electronically recordable authorization transfers, and other information transfers
US20060212405A1 (en) * 2005-03-15 2006-09-21 Limelight Networks, Inc. Electronic copyright license repository
US20070276944A1 (en) * 2006-05-09 2007-11-29 Ticketmaster Apparatus for access control and processing
US20090138973A1 (en) * 2007-06-29 2009-05-28 Thomson Licensing Method for transferring digital content licenses and device for receiving such licenses
US20130238372A1 (en) * 2012-03-12 2013-09-12 Brown Paper Tickets Llc Transferring mobile tickets to others
US20140195276A1 (en) * 2012-01-23 2014-07-10 Vendini, Inc. Ticket transfer
US20160171497A1 (en) * 2014-12-11 2016-06-16 Skidata Ag Method for avoiding the misuse of access authorizations of an id-based access control system
US20160350547A1 (en) * 2015-05-29 2016-12-01 Yoti Ltd Systems and methods for electronic ticket management
US20170116693A1 (en) * 2015-10-27 2017-04-27 Verimatrix, Inc. Systems and Methods for Decentralizing Commerce and Rights Management for Digital Assets Using a Blockchain Rights Ledger
US9785764B2 (en) * 2015-02-13 2017-10-10 Yoti Ltd Digital identity
US20180018595A1 (en) * 2016-07-12 2018-01-18 TicketFire Url-based electronic ticket transfer
WO2018142587A1 (en) * 2017-02-03 2018-08-09 株式会社日立製作所 Ticket management system and ticket management method
US20180260539A1 (en) * 2017-03-08 2018-09-13 Microsoft Technology Licensing, Llc Device specific identity linked to user account
US20180322259A1 (en) * 2017-05-03 2018-11-08 Cisco Technology, Inc. Method and system for content and service sharing

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006215629A (en) * 2005-02-01 2006-08-17 Fujitsu Ltd Electronic ticket issuing device, admission decision system, and electronic ticket system
KR100822701B1 (en) * 2005-04-08 2008-04-17 (주)인테고소프트 Record media recording digital content license transaction relay system and method and program for executing them
JP2007041672A (en) * 2005-08-01 2007-02-15 Pia Corp Electronic ticket issuing system, computer program for realizing the same, and its method
JP2009123013A (en) * 2007-11-15 2009-06-04 Nec Corp Information communication system, communication apparatus, two-dimensional barcode, and method for managing issue of electronic coupon
KR101044564B1 (en) * 2009-07-01 2011-06-28 주식회사 소리바다 Content Control System and Method Using Web Address Information
RU2011133532A (en) * 2011-08-11 2013-02-20 Закрытое акционерное общество "Электронный вокзал" METHOD FOR ORGANIZING A SYSTEM FOR FORMING VIRTUAL TICKETS SALES AND CHECKING THEIR VALIDITY
TWI591554B (en) * 2012-05-28 2017-07-11 Chunghwa Telecom Co Ltd Electronic ticket security system and method
TW201401199A (en) * 2012-06-27 2014-01-01 Chun-Wen Cheng Trading method and mobile device performing the trading method
US20140136248A1 (en) * 2012-10-09 2014-05-15 Vendini, Inc. Ticket transfer fingerprinting, security, and anti-fraud measures
KR101620339B1 (en) * 2014-03-20 2016-05-12 (주)한국인터넷기술원 The method and apparatus of certificating an user using the recognition code
JP6157411B2 (en) * 2014-05-30 2017-07-05 キヤノン株式会社 Authority transfer system, method, authentication server system, and program thereof
JP6818679B2 (en) * 2014-10-13 2021-01-20 シークエント ソフトウェア、インコーポレイテッド Secure host card embroidery credentials
CN104579682A (en) * 2014-12-30 2015-04-29 华夏银行股份有限公司 Access method and system for multi-service server
US20160350861A1 (en) * 2015-05-29 2016-12-01 Yoti Ltd Electronic systems and methods for asset tracking
EP3295388A1 (en) * 2015-05-29 2018-03-21 Yoti Holding Limited Computer-implemented tracking mechanism and data management
JP2017107440A (en) * 2015-12-10 2017-06-15 凸版印刷株式会社 Server device and electronic ticket system

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030149662A1 (en) * 2000-02-10 2003-08-07 Jon Shore Apparatus, systems and methods for wirelessly transacting financial transfers , electronically recordable authorization transfers, and other information transfers
US20010032312A1 (en) * 2000-03-06 2001-10-18 Davor Runje System and method for secure electronic digital rights management, secure transaction management and content distribution
US20060212405A1 (en) * 2005-03-15 2006-09-21 Limelight Networks, Inc. Electronic copyright license repository
US20070276944A1 (en) * 2006-05-09 2007-11-29 Ticketmaster Apparatus for access control and processing
US20090138973A1 (en) * 2007-06-29 2009-05-28 Thomson Licensing Method for transferring digital content licenses and device for receiving such licenses
US20140195276A1 (en) * 2012-01-23 2014-07-10 Vendini, Inc. Ticket transfer
US20130238372A1 (en) * 2012-03-12 2013-09-12 Brown Paper Tickets Llc Transferring mobile tickets to others
US20160171497A1 (en) * 2014-12-11 2016-06-16 Skidata Ag Method for avoiding the misuse of access authorizations of an id-based access control system
US9785764B2 (en) * 2015-02-13 2017-10-10 Yoti Ltd Digital identity
US20160350547A1 (en) * 2015-05-29 2016-12-01 Yoti Ltd Systems and methods for electronic ticket management
US20170116693A1 (en) * 2015-10-27 2017-04-27 Verimatrix, Inc. Systems and Methods for Decentralizing Commerce and Rights Management for Digital Assets Using a Blockchain Rights Ledger
US20180018595A1 (en) * 2016-07-12 2018-01-18 TicketFire Url-based electronic ticket transfer
WO2018142587A1 (en) * 2017-02-03 2018-08-09 株式会社日立製作所 Ticket management system and ticket management method
US20180260539A1 (en) * 2017-03-08 2018-09-13 Microsoft Technology Licensing, Llc Device specific identity linked to user account
US20180322259A1 (en) * 2017-05-03 2018-11-08 Cisco Technology, Inc. Method and system for content and service sharing

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11727145B1 (en) 2022-06-10 2023-08-15 Playback Health Inc. Multi-party controlled transient user credentialing for interaction with patient health data
US12292996B2 (en) 2022-06-10 2025-05-06 Playback Health Inc. Multi-party controlled transient user credentialing for interaction with secure data
US20240106651A1 (en) * 2022-09-22 2024-03-28 The Everest Project LLC Method of exiting a non-fungible token blockchain

Also Published As

Publication number Publication date
CL2018002088A1 (en) 2018-11-09
AU2018204447B2 (en) 2019-08-01
JP6559854B2 (en) 2019-08-14
ES2739206T3 (en) 2020-01-29
MX376967B (en) 2025-03-07
PL3442249T3 (en) 2019-11-29
KR102166671B1 (en) 2020-10-19
JP2019032836A (en) 2019-02-28
US20230342756A1 (en) 2023-10-26
TW201911097A (en) 2019-03-16
CN109388939B (en) 2022-03-29
RU2697731C1 (en) 2019-08-19
TWI684883B (en) 2020-02-11
BR102018014613A2 (en) 2019-04-16
AU2018204447A1 (en) 2019-02-21
NZ743645A (en) 2019-08-30
CO2018008254A1 (en) 2020-02-07
DK3442249T3 (en) 2019-08-12
HUE044680T2 (en) 2019-11-28
CA3009682A1 (en) 2019-02-07
CA3009682C (en) 2020-04-28
MX2018009342A (en) 2019-02-08
KR20190016002A (en) 2019-02-15
US20250021964A1 (en) 2025-01-16
CN109388939A (en) 2019-02-26
EP3442249B1 (en) 2019-05-22
ZA201803822B (en) 2019-02-27
US12008546B2 (en) 2024-06-11
MY186187A (en) 2021-06-30
EP3442249A1 (en) 2019-02-13
AR112926A1 (en) 2020-01-08

Similar Documents

Publication Publication Date Title
US12008546B2 (en) Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for downloading the access permission
US11708051B2 (en) Systems and methods for data storage in keyed devices
US20200304501A1 (en) Website login method and apparatus
CN107251106B (en) Method for secure transmission of virtual keys and method for authentication of mobile terminals
US8612742B2 (en) Method of authentication at time of update of software embedded in information terminal, system for same and program for same
US20160150407A1 (en) Method And System For Connecting A Mobile Communication Device To An Automobile
US20150339599A1 (en) System, mobile device and method for electronic ticket peer to peer secure transferring by near field communication (nfc) technology
CN110795737A (en) Method and terminal equipment for upgrading service application range of electronic identity card
CN102413146B (en) Client authorized logon method based on dynamic codes
US10148439B2 (en) Methods and systems for controlling medical device usage
JP2013251814A (en) Radio communication device
CN112292845A (en) Information processing apparatus, information processing method, and program
NZ743645B (en) Method for preventing the misuse of electronic access permissions, which can be managed in mobile electronic devices using a wallet application and which are transmitted to the mobile electronic devices by a server, in each case using a link for download
WO2021114113A1 (en) Flash processing method and relevant apparatus
JP2014132448A5 (en)
TWI664555B (en) Key pairing method between display screen and motherboard of handheld device and handheld device using same
JP6662561B2 (en) Information processing method, information processing device, authentication server device and confirmation server device
KR101543302B1 (en) Smart security authenticatiion service method and system
KR101578383B1 (en) System and method of controlling user device using profile
BR102018014613B1 (en) METHOD FOR PREVENTING THE MISUSE OF ELECTRONIC ACCESS PERMISSIONS, WHICH CAN BE MANAGED ON MOBILE ELECTRONIC DEVICES USING A POCKET APPLICATION AND WHICH ARE TRANSMITTED TO THE MOBILE ELECTRONIC DEVICES BY A SERVER, IN EACH CASE USING A LINK FOR DOWNLOADING THE ACCESS PERMISSION
JP6344061B2 (en) Mobile communication terminal, information writing device, information writing system, and information writing method

Legal Events

Date Code Title Description
AS Assignment

Owner name: SKIDATA AG, SWITZERLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MALMBORG, ANDERS;JAYAPRAKASH, VAIJAYANTHI MALA;SIGNING DATES FROM 20180622 TO 20180709;REEL/FRAME:046411/0302

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: ADVISORY ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE