[go: up one dir, main page]

WO2015162276A3 - Secure token implementation - Google Patents

Secure token implementation Download PDF

Info

Publication number
WO2015162276A3
WO2015162276A3 PCT/EP2015/058981 EP2015058981W WO2015162276A3 WO 2015162276 A3 WO2015162276 A3 WO 2015162276A3 EP 2015058981 W EP2015058981 W EP 2015058981W WO 2015162276 A3 WO2015162276 A3 WO 2015162276A3
Authority
WO
WIPO (PCT)
Prior art keywords
token
user device
tokens
secure token
service provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2015/058981
Other languages
French (fr)
Other versions
WO2015162276A2 (en
Inventor
Jaimie ABRIL DOVALO
Rebecca HIGLEY
Cristina VINTILA
Nikolai Strasding
Selin ÖZSOY
Sebastiaan Hoeksel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vodafone IP Licensing Ltd
Original Assignee
Vodafone IP Licensing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB1407257.3A external-priority patent/GB2525425A/en
Priority claimed from GB1407258.1A external-priority patent/GB2525426A/en
Priority claimed from GB1407256.5A external-priority patent/GB2525424A/en
Priority claimed from GB1407255.7A external-priority patent/GB2525423A/en
Priority claimed from GB1407254.0A external-priority patent/GB2525422A/en
Application filed by Vodafone IP Licensing Ltd filed Critical Vodafone IP Licensing Ltd
Publication of WO2015162276A2 publication Critical patent/WO2015162276A2/en
Publication of WO2015162276A3 publication Critical patent/WO2015162276A3/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

To ensure security of token provision to a user device, token request by (or on behalf of) the user device, token generation at a token service provider and token provision from the token service provider each make use of data stored within a secure element, SE, of an SE module of the user device. Tokens are generated in dependence on the obtained data: storage and communications of the tokens are also secured using the obtained data. Advantageously, the data required to generate a token request is securely stored on a user device itself and not a server remote from the user device.
PCT/EP2015/058981 2014-04-24 2015-04-24 Secure token implementation Ceased WO2015162276A2 (en)

Applications Claiming Priority (10)

Application Number Priority Date Filing Date Title
GB1407257.3A GB2525425A (en) 2014-04-24 2014-04-24 Secure token implementation
GB1407258.1A GB2525426A (en) 2014-04-24 2014-04-24 Secure token implementation
GB1407256.5A GB2525424A (en) 2014-04-24 2014-04-24 Secure token implementation
GB1407255.7 2014-04-24
GB1407257.3 2014-04-24
GB1407258.1 2014-04-24
GB1407255.7A GB2525423A (en) 2014-04-24 2014-04-24 Secure Token implementation
GB1407254.0A GB2525422A (en) 2014-04-24 2014-04-24 Secure token implementation
GB1407256.5 2014-04-24
GB1407254.0 2014-04-24

Publications (2)

Publication Number Publication Date
WO2015162276A2 WO2015162276A2 (en) 2015-10-29
WO2015162276A3 true WO2015162276A3 (en) 2016-03-24

Family

ID=53610851

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/058981 Ceased WO2015162276A2 (en) 2014-04-24 2015-04-24 Secure token implementation

Country Status (1)

Country Link
WO (1) WO2015162276A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106897874A (en) * 2016-06-01 2017-06-27 阿里巴巴集团控股有限公司 Mobile payment method, device and system

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107220828B (en) * 2016-03-22 2020-09-08 阿里巴巴集团控股有限公司 Method, system and device for payment authorization and payment through wearable device
EP3577850B1 (en) 2017-02-01 2021-07-14 Equifax, Inc. Verifying an identity based on multiple distributed data sources using a blockchain to safeguard the identity
US11842328B2 (en) * 2019-10-24 2023-12-12 Mastercard International Incorporated Systems and methods for provisioning a token to a token storage device
US12088583B2 (en) * 2020-11-11 2024-09-10 Hewlett Packard Enterprise Development Lp Permissions for backup-related operations

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009112793A1 (en) * 2008-03-14 2009-09-17 British Telecommunications Public Limited Company Mobile payments
WO2012002852A1 (en) * 2010-06-29 2012-01-05 Telefonaktiebolaget L M Ericsson (Publ) Methods, server, merchant device, computer programs and computer program products for setting up communication
US20140025958A1 (en) * 2012-07-19 2014-01-23 Bank Of America Corporation Implementing security measures for authorized tokens used in mobile transactions
US20140090045A1 (en) * 2012-09-11 2014-03-27 First Data Corporation Systems and methods for facilitating login aid functionality in mobile commerce
WO2014049136A1 (en) * 2012-09-28 2014-04-03 Bell Identification Bv Method and apparatus for providing secure services using a mobile device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009112793A1 (en) * 2008-03-14 2009-09-17 British Telecommunications Public Limited Company Mobile payments
WO2012002852A1 (en) * 2010-06-29 2012-01-05 Telefonaktiebolaget L M Ericsson (Publ) Methods, server, merchant device, computer programs and computer program products for setting up communication
US20140025958A1 (en) * 2012-07-19 2014-01-23 Bank Of America Corporation Implementing security measures for authorized tokens used in mobile transactions
US20140090045A1 (en) * 2012-09-11 2014-03-27 First Data Corporation Systems and methods for facilitating login aid functionality in mobile commerce
WO2014049136A1 (en) * 2012-09-28 2014-04-03 Bell Identification Bv Method and apparatus for providing secure services using a mobile device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106897874A (en) * 2016-06-01 2017-06-27 阿里巴巴集团控股有限公司 Mobile payment method, device and system

Also Published As

Publication number Publication date
WO2015162276A2 (en) 2015-10-29

Similar Documents

Publication Publication Date Title
WO2015023341A3 (en) Secure authorization systems and methods
WO2013106688A3 (en) Authenticating cloud computing enabling secure services
WO2016049636A3 (en) Remote server encrypted data provisioning system and methods
EP4271016A3 (en) Enhanced authentication based on secondary device interactions
HK1232356A1 (en) Authentication system and method
EP3690777A3 (en) Electronic device, certification agency server, and payment system
WO2014195501A3 (en) Electronic authentication systems
WO2014011318A3 (en) Methods and apparatus for preprovisioning authentication tokens to mobile applications
WO2016175914A3 (en) Transaction signing utilizing asymmetric cryptography
EP4614416A3 (en) Systems and methods for using a transaction identifier to protect sensitive credentials
PH12016501640A1 (en) Techniques to operate a service with machine generated authentication tokens
EP2706724A3 (en) Systems and methods for secure file portability between mobile applications on a mobile device
HK1218474A1 (en) Providing digital certificates
WO2017200846A8 (en) User interface for a device requesting remote authorization
MX345061B (en) Method, one or more computer-readable non-transitory storage media and a device, in particular relating to computing resources and/or mobile-device-based trust computing.
WO2013106094A3 (en) System and method for device registration and authentication
WO2015162072A3 (en) Instant messaging systems and methods
MY190913A (en) Device and method for secure connection
MX2018003007A (en) Proxy device for representing multiple credentials.
NZ629125A (en) Credential management system
WO2014195293A3 (en) Authentication devices, key generator devices, methods for controlling an authentication device, and methods for controlling a key generator
WO2016093912A3 (en) Systems and methods for secure device provisioning
MX373464B (en) BORROWING TARGET DEVICE RESOURCES TO THE PRIMARY DEVICE COMPUTING ENVIRONMENT.
WO2016077012A3 (en) User authentication confidence based on multiple devices
WO2015162276A3 (en) Secure token implementation

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15738277

Country of ref document: EP

Kind code of ref document: A2