WO2016051353A1 - System and ergonomically advantageous method for performing online secure transactions on trusted personal device - Google Patents

Info

Publication number
WO2016051353A1
WO2016051353A1 PCT/IB2015/057481 IB2015057481W WO2016051353A1 WO 2016051353 A1 WO2016051353 A1 WO 2016051353A1 IB 2015057481 W IB2015057481 W IB 2015057481W WO 2016051353 A1 WO2016051353 A1 WO 2016051353A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
keyboard
personal device
user
based smart
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2015/057481
Other languages
French (fr)
Inventor
Abhishek Sinha
Abhinav Sinha
Anupam Varghese
Kumar Abhishek
Rohit Srivastava
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eko India Financial Services Pvt Ltd
Original Assignee
Eko India Financial Services Pvt Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eko India Financial Services Pvt Ltd
Publication of WO2016051353A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4012 Verifying personal identification numbers [PIN]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227 Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user

Definitions

  • the present invention relates to a system and method of secure online transactions using a Trusted Personal Device. More particularly, the present invention relates to a system and method of simplified transactions over electronic platform involving more than one party. Further, the present invention discloses a special virtual keyboard on a Trusted Personal Device capable of being used as a field storage interface, automated field retrieval and filling system requiring minimal user intervention.
  • TPDs: Trusted Personal Devices
  • e/m-commerce: electronic/mobile commerce
  • Mobile banking, mobile payments and online transactions have found altogether a new platform in the form of smart phones and tablets. Almost anything and everything is within reach to a consumer through this combination of smart phone and tablets, internet, and mobile banking facilities provided by all financial institutions.
  • the user is required to move input focus to the respective field and press the individual keys viz 'u', 's', 'e' and 'r' on the keyboard and then move the focus to the next field and enter 'p', 'a', 's', 's', '1', '2', '3' and then follow it up with a click/invocation of an action button named 'sign-in'.
  • In a variation of the first-time data storage described above, certain applications with privileged access, such as browser extensions, could automatically/with user's permission, save the forms/field data as and when the data is being normally entered on the form/when it is submitted.
  • a consumer can select a product he wants to purchase online or avail a service, make payment through payment gateway channels partner to the seller through net-banking, credit/ debit cards or other internet based financial instruments.
  • product to be purchased or service to be availed is selected and entered into shopping cart. While checking out, various payment options are provided subject to availability, like, through net-banking, credit or debit cards, or even cash-on-delivery.
  • net-banking or credit/debit card payment option is selected, the webpage is redirected to a payment gateway of a bank or any financial institution platform for entering user authentication data followed by request, generation and SMS of unique One Time Password (OTP) for validation purposes. Once validation is done, and payment is approved the webpage is redirected back to the seller webpage resulting into successful completion of online purchase event.
  • OTP: One Time Password
  • OTP: the unique password
  • An online purchase event becomes particularly cumbersome when it is performed on a smart phone or tablet, as the user, apart from being required to remember and enter correctly his payment instrument identity (such as credit card number and other details), is required to switch to an SMS application, view the unique OTP received as SMS, remember it correctly, switch back to the application where the purchase was being made and enter it in the appropriate OTP input field.
  • his payment instrument identity such as credit card number and other details
  • CN101916478 describes a method for automatically acquiring, verifying and inputting a dynamic password in a normal short message by a client.
  • the ergonomics of the transaction is still pending redress.
  • a consumer in general possesses accounts and credit cards with multiple financial institutions.
  • the user is required to remember multilevel passwords for multiple accounts which itself is very challenging. Carrying cards all the time increases the risk of theft/loss.
  • the main object of the disclosed invention is to provide a system and method of secure online transaction using a Trusted Personal Device.
  • Another main object of the proposed invention is to provide a system and method of simplified transactions over electronic platform involving more than one party.
  • Yet another object of the invention is to provide an ergonomically advantageous method for performing online transactions using a smart phone and tablet.
  • Yet another object of the invention is to provide a special virtual keyboard on a Trusted Personal Device capable of secure and ergonomic storage of form data involving one or more input fields, including sensitive ones like passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions.
  • Yet another object of the invention is to provide a special virtual keyboard on a Trusted Personal Device capable of secure and ergonomic retrieval of form data involving one or more input fields, including sensitive ones like passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions.
  • Yet another object of the invention is to provide a special virtual keyboard on a Trusted Personal Device capable of secure and ergonomic filling of form data involving one or more input fields, including sensitive ones like passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions.
  • the present invention relates to a system and ergonomic method of secure online payment using a Trusted Personal Device. More particularly, the present invention relates to a system and method of simplified transactions over electronic platform involving more than one party. Further, this invention also enables simplified and secure online payments using a Trusted Personal Device
  • the present invention discloses a special virtual keyboard of a Trusted Personal Device capable of being used as a field storage interface, automated field retrieval and filling system requiring minimal user intervention.
  • the present invention discloses a Keyboard based smart vault wherein the smart vault allows secure and ergonomic storage and retrieval of form data involving one or more input fields, including sensitive ones like passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions.
  • a special virtual keyboard or a keyboard extension is proposed wherein apart from usual character entry, the keyboard is capable of being provisioned from a server to validate the Device and mobile number.
  • the keyboard is further capable of enabling cryptographically secured storage of data, either locally or on remote server.
  • the said keyboard is capable of identifying, categorizing and fetching specific field values from one location and auto-completing the desired information on other location in a Trusted Personal Device.
  • the system supports single password access to enable entry of data indicated as sensitive by the user. For example, if the banking application password is entered, the user may indicate that it requires an additional authentication factor from the user. Alternatively or in addition, the system allows leveraging fingerprint or any biometric authentication device, if present on the mobile device, to act as the additional factor of authentication.
  • Fig. 1 depicts the invention showing representative diagram of the virtual device keyboard on top of a sample application on the mobile phone or tablet.
  • Fig.2 shows module outline of proposed keyboard based smart vault.
  • Fig.3 shows flow for a typical mobile payment process being auto-processed by the one-click checkout button on the keyboard of proposed invention.
  • the present invention relates to a system and method of secure online payment using a Trusted Personal Device, particularly a smart phone or a tablet. More particularly, the present invention relates to a system and method of simplified transactions over electronic platform involving more than one party like seller, third party payment gateway, financial institution etc. Further, the present invention specifically discloses for a smart phone and a tablet, a virtual keyboard based smart vault capable of being used as auto-payment data field storage interface requiring minimal user intervention.
  • the keyboard based smart vault stores sensitive information like details of all credit/debit cards of user, CVV numbers, Names and Addresses of corresponding cards, login and transaction passwords of bank accounts and other such sensitive/ non-sensitive data in the form of encrypted codes which is stored locally or remote servers. All the information is retrievable through a single password and/ or any other suitable authentication methods. This feature obviates the problem of carrying all the cards or remembering all passwords all the time.
  • the system supports single password access to enable entry of data indicated as sensitive by the user. For example, if the banking application is being accessed, the user may indicate that it requires an explicit authentication by the user.
  • the system allows leveraging fingerprint device or any biometric authentication device, if present on the mobile device to act as a factor of authentication.
  • the said keyboard saves specific data input fields in a local database using encrypted secure storage.
  • the keyboard is capable of identifying, categorizing and fetching specific field values from one location and auto-completing the desired information on other location in a Trusted Personal Device. For instance, during a typical purchasing event, the said keyboard identifies the bank providing payment gateway, corresponding card details, like card number, CVV code, expiry date, and name on card and auto-completes the corresponding fields.
  • the keyboard identifies the OTP received on the phone or a tablet from the message box, fetches the same and auto-completes the same in the corresponding field for secondary authentication during the transaction event.
  • the keyboard allows third party OTP service providers and financial institutions to plug in and directly deliver the OTP to the TPD using secure data channels as an alternative to SMS as a channel of delivery of OTP, thereby reducing costs and improving security.
  • the keyboard is 'tokenization' enabled wherein the entered password/PIN/CVV is converted into another coded password before being sent to a third party server.
  • the coded password is de-coded to originally entered password/PIN/CVV.
  • the keyboard is a standard keyboard layout with the alphabets for the language and a special number only mode; it transforms the keyed in password/PIN/CVV, as the case may be, to something else in a process called tokenization. For instance, if the keyboard types 1234, it may transform into 6395 based on a secret one time transforming key passed on to the application from a designated server. This ensures that the real PIN/secret is never entered on the third party merchant or app.
  • the back end servers securely communicate with the designated server to access the same key to re-transform it back to the original pin/secret.
  • process flow of a transaction event is simplified wherein the keyboard based smart vault fetches information for input fields.
  • the keyboard enters all the desired values automatically using single password authentication resulting in single click transactions. This minimizes the chances of failed transactions.
  • a typical module of proposed keyboard based smart vault wherein the user can select from the optional modes of the keyboard based smart vault like, standard keyboard or smart vault modes. Further, module for provisioning and activation of the keyboard for storing data for future use is provided. Here, the user registers all information pertaining to various cards and corresponding details. The module further allows for secondary authentications like optional PIN and/or biometrics based authentication. Thus to start the application one-time pre-registration of account/card details is done along with security provisioning of the keyboard based smart vault.
  • Process flow for a typical mobile payment (checkout) process being auto-processed by the one-click checkout button on the keyboard is shown. Clicking the one-click button on the keyboard based smart vault initiates the transaction event.
  • the system optionally requires card/wallet selection and user authentication through a PIN/ Pattern/ Biometric authentication as the case may be.
  • the keyboard based smart vault automatically fills in the fields as required and submits the form or part thereof.
  • the keyboard is capable of handling multi-page forms requiring no additional inputs from the user and switching the pages to-and-fro.
  • the vault keyboard reads the OTP received over SMS or on data channel to the device and enters it. It submits all forms leading to payment result page, thus obviating the user from remembering or entering all details personally every time.
  • the system and method of secure one-click transaction involves a smart phone or a tablet with internet access, merchant's/seller's server, financial institution's server and network operator.
  • the sequence of events in a typical financial transaction using the present invention will be as follows: a. User equips the smart phone or the tablet with keyboard based smart vault/keyboard extension. The user enters details of all or preferred credit/debit cards or accounts and their corresponding login and transaction passwords for the provisioning of the keyboard based smart vault.
  • the keyboard has security levels where the data entered is encrypted and secured with password and optionally additional authentication measure like biometrics or PINs. This particular step is performed once and the information is secured for future transactions.
  • the user authenticates himself for the use of keyboard based smart vault by entering the password.
  • the user selects the product to be purchased or a bill to be paid and goes for payment option.
  • the page is redirected to a third party gateway, or to the payment gateway of any particular bank selected by the user.
  • the payment gateway has fields or forms to be filled in. The fields are identified and filled automatically by the keyboard based smart vault, wherein the keyboard is capable of identifying which credit/debit card details are to be filled in. For instance, in case the payment gateway is of Bank A, details of Bank A card will be filled in automatically. Codes and passwords will be entered by the keyboard based smart vault automatically.
  • e. Bank shall send OTP to the user through SMS.
  • the OTP is received by the smart phone/tablet as SMS.
  • the OTP is identified and fetched by the keyboard based smart vault and corresponding field on the page is filled automatically.
  • f. the Bank approves the payment and the page is redirected to merchant's or seller's website for further steps.
  • the user is required to remember only one or two passwords of keyboard based smart vault. Also, the card and account details are also not required to be entered each time. In addition to the same, the user is no more required to switch from one page to another to fetch and fill OTP during the transaction.
  • a system for secure online transactions comprising: a trusted personal device comprising a special virtual keyboard capable of being used as a data storage interface, automated data retrieval and filling system; and a keyboard based smart vault that allows secure and ergonomic storage and retrieval of form data involving one or more input fields, the data including but not limited to sensitive ones like dynamic passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions; and a remote server for communicating the transactions; wherein said special virtual keyboard apart from usual character entry, is capable of being provisioned by the remote server to validate the trusted personal device and validate user for secure transaction procedures; said keyboard based smart vault is further capable of enabling cryptographically secured storage of data, either locally on trusted personal device or on the remote server; said special virtual keyboard is capable of identifying, categorizing and fetching specific field values from one location and auto-completing the desired information at desired location in the trusted personal device; the system is provisioned for single step authentication of the user through keyboard
  • a method of secure online payments using a trusted personal device comprising steps of: a. customizing the trusted personal device with a keyboard based smart vault wherein the user enters details of all or preferred financial institution data and authentication values for the provisioning of the keyboard based smart vault; b. securing said keyboard smart vault having security levels where the data entered is encrypted and secured with password and optionally additional authentication measure like biometrics or PINs wherein the step a. is performed once and the information is secured for future transactions; c. activating an online transaction over the trusted personal device wherein the user authenticates himself for the use of keyboard based smart vault by entering password;
  • d. selecting a transaction page including but not limited to purchasing a product or paying a bill wherein the page is redirected to a third party gateway, or to the payment gateway of any particular financial institution selected by the user; e. identifying, fetching and filling automatically the fields or forms on the payment gateway using the keyboard based smart vault capable of identifying preferred financial institution data and authentication details; f. requesting and receiving validation data from corresponding financial institution server including but not limited to OTP through SMS wherein the OTP is received by the trusted personal device and is identified and fetched by the keyboard based smart vault and corresponding field on the gateway page is filled automatically; g. authenticating logged details and approving the transaction by server of corresponding financial institution; and h. redirecting page to merchant's or seller's website for completion of transaction.
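
The tokenization step described in the list above (1234 becoming 6395 under a one-time transforming key from a designated server), worked through as an added example that is not code from the patent. The patent does not specify the transform: per-digit addition modulo 10 is assumed here, and `KeyServer`, `tokenize`, `detokenize` and `digit_difference` are hypothetical names.

```python
import secrets


def _check_digits(*values):
    for v in values:
        if not (v.isascii() and v.isdigit()):
            raise ValueError("only decimal digits can be tokenized")


def tokenize(secret, key):
    """Keyboard side: mask each digit with the matching key digit (mod 10)."""
    _check_digits(secret, key)
    if len(secret) != len(key):
        raise ValueError("key must be exactly as long as the secret")
    return "".join(str((int(s) + int(k)) % 10) for s, k in zip(secret, key))


def detokenize(token, key):
    """Back-end side: subtract the same key digits to recover the secret."""
    _check_digits(token, key)
    if len(token) != len(key):
        raise ValueError("key must be exactly as long as the token")
    return "".join(str((int(t) - int(k)) % 10) for t, k in zip(token, key))


class KeyServer:
    """Stand-in for the 'designated server' that hands out transforming keys."""

    def __init__(self):
        self._keys = {}  # transaction id -> key, held until first redemption

    def issue(self, txn_id, length, key=None):
        # One fresh key per transaction, as long as the secret it will mask.
        if txn_id in self._keys:
            raise ValueError("key already issued for this transaction")
        if key is None:
            key = "".join(str(secrets.randbelow(10)) for _ in range(length))
        _check_digits(key)
        if len(key) != length:
            raise ValueError("supplied key has the wrong length")
        self._keys[txn_id] = key
        return key

    def redeem(self, txn_id):
        # pop() makes the key single-use: a replayed token cannot be decoded.
        try:
            return self._keys.pop(txn_id)
        except KeyError:
            raise LookupError("unknown or already-used transaction key") from None


def digit_difference(a, b):
    """Digit-wise (a - b) mod 10; equal for two PINs and for their tokens
    whenever one key masked both, which is why keys must never be reused."""
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))


def demo():
    server = KeyServer()
    # Constructed key, chosen so the result matches the page's 1234 -> 6395.
    key = server.issue("txn-001", 4, key="5161")
    token = tokenize("1234", key)              # all the merchant app ever sees
    recovered = detokenize(token, server.redeem("txn-001"))
    try:
        server.redeem("txn-001")               # second use of the same key
        replay_blocked = False
    except LookupError:
        replay_blocked = True
    return token, recovered, replay_blocked


if __name__ == "__main__":
    print(demo())
```

The masking hides the PIN from the merchant only while each key is random, as long as the secret, and used once; `digit_difference` shows what two tokens under a shared key give away.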
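
The OTP auto-fill step in the list above (the vault keyboard identifies the OTP in a received SMS and enters it), as an added example that is not code from the patent. The patent does not say how the code is recognised: the sender match, the freshness window, the keyword patterns and the names `Sms`, `otp_from_body` and `pick_otp` are assumptions, and the inbox is constructed sample data.

```python
import re
from collections import namedtuple

Sms = namedtuple("Sms", "sender body received")  # received = epoch seconds

_OTP_WORD = r"\b(?:OTP|one[- ]time password)\b"
_PATTERNS = [
    # "731264 is your OTP ..."
    re.compile(r"(?<!\d)(\d{4,8})\s+is\s+(?:your|the)\s+" + _OTP_WORD, re.I),
    # "OTP is 482913", "OTP: 482913", "OTP code 482913"
    re.compile(_OTP_WORD + r"(?:\s+code)?\s*(?:is|:|-)?\s*(\d{4,8})(?!\d)", re.I),
]


def otp_from_body(body):
    """Return the code only when exactly one number is tied to an OTP keyword.

    Amounts and card suffixes in the same message are ignored because they do
    not sit next to the keyword; an ambiguous message yields None so the user
    types the code instead of the wrong number being auto-filled.
    """
    found = {m.group(1) for p in _PATTERNS for m in p.finditer(body)}
    return found.pop() if len(found) == 1 else None


def pick_otp(inbox, expected_sender, now, max_age=180):
    """Newest fresh message from the sender expected for this gateway."""
    fresh = [m for m in inbox
             if m.sender == expected_sender and 0 <= now - m.received <= max_age]
    if not fresh:
        return None
    newest = max(fresh, key=lambda m: m.received)
    return otp_from_body(newest.body)


# Constructed sample inbox; "BANK-A" mirrors the Bank A gateway in the text.
NOW = 1_700_000_000
INBOX = [
    Sms("BANK-A", "Your OTP is 482913. Valid for 3 minutes.", NOW - 900),
    Sms("PROMO-X", "Use OTP 000000 to claim your prize", NOW - 20),
    Sms("BANK-A",
        "731264 is your OTP for txn of Rs. 2499.00 on card ending 4821.",
        NOW - 15),
]

if __name__ == "__main__":
    print(pick_otp(INBOX, "BANK-A", NOW))
```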

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a system and method of secure online payment using a Trusted Personal Device, particularly a smart phone or a tablet. More particularly, the present invention relates to a system and method of simplified transactions over electronic platform involving more than one party like seller, third party payment gateway, financial institution etc. Further, the present invention specifically discloses for a smart phone and a tablet, a virtual keyboard based smart vault capable of being used as auto-payment data field storage interface requiring minimal user intervention.

Description

"SYSTEM AND ERGONOMICALLY ADVANTAGEOUS METHOD FOR PERFORMING ONLINE SECURE TRANSACTIONS ON TRUSTED PERSONAL DEVICE"
FIELD OF THE INVENTION
The present invention relates to a system and method of secure online transactions using a Trusted Personal Device. More particularly, the present invention relates to a system and method of simplified transactions over electronic platform involving more than one party. Further, the present invention discloses a special virtual keyboard on a Trusted Personal Device capable of being used as a field storage interface, automated field retrieval and filling system requiring minimal user intervention.
BACKGROUND OF THE INVENTION
Recent years have seen substantial growth in smart phone and tablet markets. These products have found their way to a large number of users nowadays. Such devices are being collectively referred to as Trusted Personal Devices or TPDs. They are essentially portable electronic communication and computing devices which typically have access to data connectivity. Meanwhile, e/m-commerce (electronic/mobile commerce) has been growing steadily and significantly. Mobile banking, mobile payments and online transactions have found altogether a new platform in the form of smart phones and tablets. Almost anything and everything is within reach to a consumer through this combination of smart phone and tablets, internet, and mobile banking facilities provided by all financial institutions.
Almost all electronic applications, whether on-device or web-based, require user input which usually needs to be repeated for each instance of use or at some predetermined time interval as defined by the application. Such repetitive user input is required for a variety of reasons including but not limited to logging in (sign-on), data entry, providing payment identity and payment authentication. Typically, such user input is done by entering the individual keys on a keyboard, virtual or otherwise. For example, for signing in to an email application, if the username is 'user' and the password is 'pass123', the user is required to move input focus to the respective field and press the individual keys viz 'u', 's', 'e' and 'r' on the keyboard and then move the focus to the next field and enter 'p', 'a', 's', 's', '1', '2', '3' and then follow it up with a click/invocation of an action button named 'sign-in'.
Alternatively, there exist form/password managers as separate applications or web browser extensions, where this information could first be similarly keyed in and saved, such that before the next instance of sign-in the form/password manager could be invoked automatically, such that the form information is filled in automatically, or explicitly by the user, such that the saved information is copy-pasted using the device's clipboard (temporary memory storage).
In a variation of the first-time data storage described above, certain applications with privileged access, such as browser extensions, could automatically/with user's permission, save the forms/field data as and when the data is being normally entered on the form/when it is submitted.
However, the methods described above have limitations: browser extensions function only within that particular browser application, and independent applications require the user to switch between the application where the data is being entered and the special form/password manager application and may additionally require the user to depend on the susceptible copy-paste functionality provided by the devices. These aspects make the usage of the existing solutions cumbersome and non-secure, especially on Trusted Personal Devices.
Tapping in to e/m-commerce demands, financial institutions have been providing internet banking/internet based payment facilities to the account holders. These facilities are also used for various purposes such as online bill payments and e-governance. Accordingly, various security levels are used where a user may be required to authenticate himself with a pre-determined password as well as an instantly generated password. The pre-determined passwords are the ones which are set by the user and used every time a transaction is made. They are memorized by the user. The instantly generated passwords, generally known as OTPs (One Time Passwords), are unique single use passwords generated by the financial institutions or designated authentication service providers. Such passwords are generated with time as well as use limitations and are usually sent over an SMS to the registered mobile number of the customer.
Presently, a consumer can select a product he wants to purchase online or avail a service, make payment through payment gateway channels partner to the seller through net-banking, credit/ debit cards or other internet based financial instruments.
In a typical event of making an e/m-commerce transaction, product to be purchased or service to be availed is selected and entered into shopping cart. While checking out, various payment options are provided subject to availability, like, through net-banking, credit or debit cards, or even cash-on-delivery. In case net-banking or credit/debit card payment option is selected, the webpage is redirected to a payment gateway of a bank or any financial institution platform for entering user authentication data followed by request, generation and SMS of unique One Time Password (OTP) for validation purposes. Once validation is done, and payment is approved, the webpage is redirected back to the seller webpage resulting in successful completion of online purchase event.
The process is non-trivial for the user. Many a time, the OTP, the unique password, is generated by the bank only after explicit initiation of a request for the same through SMS by the user from his registered mobile number, even before the initiation of purchase event on merchant website.
An online purchase event becomes particularly cumbersome when it is performed on a smart phone or tablet, as the user, apart from being required to remember and enter correctly his payment instrument identity (such as credit card number and other details), is required to switch to an SMS application, view the unique OTP received as SMS, remember it correctly, switch back to the application where the purchase was being made and enter it in the appropriate OTP input field. Such switchover at times leads to failed transactions and ultimately results in loss of time as well as business.
CN101916478 describes a method for automatically acquiring, verifying and inputting a dynamic password in a normal short message by a client. However, the ergonomics of the transaction is still pending redress. There are many aspects in a typical online transaction through smart phones and tablets. The following paragraphs identify the shortcomings of the state of the art.
In another aspect, a consumer in general possesses accounts and credit cards with multiple financial institutions. In such cases, the user is required to remember multilevel passwords for multiple accounts which itself is very challenging. Carrying cards all the time increases the risk of theft/loss.
With the development of e/m-commerce, concerns about user data security have also increased. There is considerable rise in cases of phishing, password hacking/theft, card cloning and other financial frauds.
Apart from the above general concerns of data security as well as user friendly transaction process requirement, there are technical limitations to be addressed. For instance, the technology and user interface is developed differently for TPDs.
Thus, there is a requirement for a system and method for obviating the disadvantages associated with the state of the art methods. There is a need for such system which provides a user friendly interface having inbuilt security, data field storage, retrieval and automated entry, especially for the e/m-commerce scenarios.
OBJECT OF THE INVENTION
Accordingly, the main object of the disclosed invention is to provide a system and method of secure online transaction using a Trusted Personal Device.
Another main object of the proposed invention is to provide a system and method of simplified transactions over electronic platform involving more than one party.
Yet another object of the invention is to provide an ergonomically advantageous method for performing online transactions using a smart phone and tablet.
Yet another object of the invention is to provide a special virtual keyboard on a Trusted Personal Device capable of secure and ergonomic storage of form data involving one or more input fields, including sensitive ones like passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions.
Yet another object of the invention is to provide a special virtual keyboard on a Trusted Personal Device capable of secure and ergonomic retrieval of form data involving one or more input fields, including sensitive ones like passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions.
Yet another object of the invention is to provide a special virtual keyboard on a Trusted Personal Device capable of secure and ergonomic filling of form data involving one or more input fields, including sensitive ones like passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions.
Yet another object of the invention is to provide a special virtual keyboard enabled with the tokenization feature for enhanced data security.
Yet another object of the invention is to provide a multi-level security feature enabled method for performing online transactions using a smart phone or tablet.
Still another object of the proposed invention is to provide an alternative to state of the art method of online transactions using a Trusted Personal Device.
SUMMARY OF THE INVENTION
Accordingly, the present invention relates to a system and ergonomic method of secure online payment using a Trusted Personal Device. More particularly, the present invention relates to a system and method of simplified transactions over electronic platform involving more than one party. Further, this invention also enables simplified and secure online payments using a Trusted Personal Device.
Further, the present invention discloses a special virtual keyboard of a Trusted Personal Device capable of being used as a field storage interface, automated field retrieval and filling system requiring minimal user intervention.
In a preferred embodiment, the present invention discloses a Keyboard based smart vault wherein the smart vault allows secure and ergonomic storage and retrieval of form data involving one or more input fields, including sensitive ones like passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions.
In another preferred embodiment of the present invention, a special virtual keyboard or a keyboard extension is proposed wherein apart from usual character entry, the keyboard is capable of being provisioned from a server to validate the Device and mobile number.
The keyboard is further capable of enabling cryptographically secured storage of data, either locally or on remote server.
In yet another preferred embodiment of the present invention, the said keyboard is capable of identifying, categorizing and fetching specific field values from one location and auto-completing the desired information on other location in a Trusted Personal Device.
In another preferred embodiment, the system supports single password access to enable entry of data indicated as sensitive by the user. For example, if the banking application password is entered, the user may indicate that it requires an additional authentication factor from the user. Alternatively or in addition, the system allows leveraging fingerprint or any biometric authentication device, if present on the mobile device, to act as the additional factor of authentication.
Further aspects of the invention will become apparent from consideration of the drawings and the ensuing description of preferred embodiments of the invention. A person skilled in the art will realize that other embodiments of the invention are possible and that the details of the invention can be modified in a number of respects, all without departing from the concept. Thus, the following drawings and description are to be regarded as illustrative in nature and not restrictive.
BRIEF DESCRIPTION OF DRAWINGS
A complete understanding of the system and method of the present invention may be obtained by reference to the following drawings:
Fig.1 depicts the invention showing representative diagram of the virtual device keyboard on top of a sample application on the mobile phone or tablet.
Fig.2 shows module outline of proposed keyboard based smart vault.
Fig.3 shows flow for a typical mobile payment process being auto-processed by the one-click checkout button on the keyboard of proposed invention.
DETAILED DESCRIPTION OF THE INVENTION
The present invention relates to a system and method of secure online payment using a Trusted Personal Device, particularly a smart phone or a tablet. More particularly, the present invention relates to a system and method of simplified transactions over electronic platform involving more than one party like seller, third party payment gateway financial institution etc. Further, the present invention specifically discloses for a smart phone and a tablet, a virtual keyboard based smart vault capable of being used as auto-payment data field storage interface requiring minimal user intervention.
In a preferred embodiment of the present invention, a special virtual keyboard or a keyboard extension is proposed wherein apart from usual character entry, the keyboard is capable of being provisioned from a server to validate the Device and mobile number. The keyboard is further capable of enabling cryptographically secured storage of data, either locally or on remote server.
In another preferred embodiment of the present invention, the keyboard based smart vault stores sensitive information like details of all credit/debit cards of user, CVV numbers, Names and Addresses of corresponding cards, login and transaction passwords of bank accounts and other such sensitive/non-sensitive data in the form of encrypted codes which are stored locally or on remote servers. All the information is retrievable through a single password and/or any other suitable authentication methods. This feature obviates the problem of carrying all the cards or remembering all passwords all the time. The system supports single password access to enable entry of data indicated as sensitive by the user. For example, if the banking application is being accessed, the user may indicate that it requires an explicit authentication by the user. Alternatively, the system allows leveraging fingerprint device or any biometric authentication device, if present on the mobile device, to act as a factor of authentication.
In yet another preferred embodiment of the present invention, the said keyboard saves specific data input fields in a local database using encrypted secure storage. The keyboard is capable of identifying, categorizing and fetching specific field values from one location and auto-completing the desired information on other location in a Trusted Personal Device. For instance, during a typical purchasing event, the said keyboard identifies the bank providing payment gateway, corresponding card details, like card number, CVV code, expiry date, and name on card and auto-completes the corresponding fields.
In another preferred embodiment of the present invention, the keyboard identifies the OTP received on the phone or a tablet from the message box, fetches the same and auto-completes the same in the corresponding field for secondary authentication during the transaction event.
In another embodiment, the keyboard allows third party OTP service providers and financial institutions to plug-in and directly deliver the OTP to the TPD using secure data channels as an alternative to SMS as a channel of delivery of OTP, thereby reducing costs and improving security.
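The OTP identification step described above, as an added example that is not code from the patent: it picks the OTP out of a message box and returns nothing when the result is ambiguous, so the field is left for the user. The sender IDs, keyword list, six-digit length, five-minute window and all function names are assumptions, and the sample messages are constructed.

```python
import re
from dataclasses import dataclass

# Assumed wording that marks a message as carrying an OTP.
KEYWORD = r"\b(?:otp|one[- ]time password|verification code)\b"


@dataclass
class Sms:
    sender: str
    body: str
    received_at: float  # epoch seconds


def find_codes(body, code_length):
    """Return digit runs of exactly code_length that sit next to an OTP keyword."""
    code = r"(?<!\d)(\d{%d})(?!\d)" % code_length
    after = re.findall(KEYWORD + r"\D{0,24}?" + code, body, re.I)
    before = re.findall(code + r"\D{0,24}?" + KEYWORD, body, re.I)
    return set(after) | set(before)


def extract_otp(messages, trusted_senders, requested_at,
                code_length=6, max_age=300):
    """Return the OTP to auto-fill, or None when manual entry is safer."""
    eligible = [
        m for m in messages
        if m.sender in trusted_senders
        # Ignore codes that arrived before this transaction asked for one.
        and requested_at <= m.received_at <= requested_at + max_age
    ]
    for msg in sorted(eligible, key=lambda m: m.received_at, reverse=True):
        codes = find_codes(msg.body, code_length)
        if len(codes) == 1:
            return codes.pop()
        if len(codes) > 1:
            return None  # two different candidates: do not guess
    return None


# Constructed sample inbox (not real messages).
SAMPLE_MESSAGES = [
    Sms("AX-BANKA", "Your OTP is 111222 for login.", 900.0),      # stale
    Sms("PROMO-77", "OTP 999999 claim your prize now", 1005.0),   # untrusted
    Sms("AX-BANKA",
        "Your OTP is 482913 for a purchase of Rs 1500 on card ending 4321.",
        1010.0),
]

if __name__ == "__main__":
    print(extract_otp(SAMPLE_MESSAGES, {"AX-BANKA"}, requested_at=1000.0))
```

SMS sender IDs can be spoofed, so the allow-list here only filters noise; it is not an authentication control.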
In another preferred embodiment, the keyboard is 'tokenization' enabled wherein the entered password/PIN/CVV is converted into another coded password before being sent to a third party server. During the validation at the bank's server, the coded password is de-coded to the originally entered password/PIN/CVV. Thus, though the keyboard is a standard keyboard layout with the alphabets for the language and a special number only mode, it transforms the keyed in password/PIN/CVV, as the case may be, to something else in a process called tokenization. For instance, if the keyboard types 1234, it may transform into 6395 based on a secret one time transforming key passed on to the application from a designated server. This ensures that the real PIN/secret is never entered on the third party merchant or app. Before the transaction reaches the issuer's authentication system, the back end servers securely communicate with the designated server to access the same key to re-transform it back to the original PIN/secret.
Referring to Figure 1, process flow of a transaction event is simplified wherein the keyboard based smart vault fetches information for input fields. The keyboard enters all the desired values automatically using single password authentication resulting in single click transactions. This minimizes the chances of failed transactions.
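The tokenization embodiment above, as an added example that is not code from the patent: the patent does not specify the transform, so this sketch assumes digit-wise addition modulo 10, which reproduces the 1234 to 6395 illustration with the key 5161. `DesignatedServer`, `tokenize`, `detokenize` and the transaction ids are hypothetical names.

```python
import secrets
import time


def _digits(value, key):
    """Validate a digit string against a key of equal length."""
    if not (value.isascii() and value.isdigit()) or len(value) != len(key):
        raise ValueError("value must be ASCII digits matching the key length")
    return [int(ch) for ch in value]


def tokenize(secret, key):
    """Keyboard side: add each key digit to the typed digit, modulo 10."""
    return "".join(str((d + k) % 10) for d, k in zip(_digits(secret, key), key))


def detokenize(token, key):
    """Back-end side: subtract the same key digits to recover the secret."""
    return "".join(str((d - k) % 10) for d, k in zip(_digits(token, key), key))


class DesignatedServer:
    """Hypothetical key service: one random key per transaction, usable once."""

    def __init__(self, ttl_seconds=120):
        self.ttl = ttl_seconds
        self.issued = set()   # transaction ids that already received a key
        self.pending = {}     # txn_id -> (key digits, expiry time)

    def issue_key(self, txn_id, length, now=None):
        """Called for the keyboard before the user types the PIN/CVV."""
        now = time.time() if now is None else now
        if txn_id in self.issued:
            raise ValueError("a key was already issued for this transaction")
        key = [secrets.randbelow(10) for _ in range(length)]
        self.issued.add(txn_id)
        self.pending[txn_id] = (key, now + self.ttl)
        return key

    def redeem_key(self, txn_id, now=None):
        """Called by the issuer's back end; the key is deleted on first use."""
        now = time.time() if now is None else now
        key, expires_at = self.pending.pop(txn_id)  # KeyError: unknown or reused
        if now > expires_at:
            raise ValueError("transforming key expired")
        return key


def digit_difference(a, b):
    """Digit-wise (a - b) mod 10; used below to show what key reuse leaks."""
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))


def demo():
    # The patent's illustration: 1234 becomes 6395 (key 5161 under this transform).
    example_key = [5, 1, 6, 1]
    token = tokenize("1234", example_key)

    # Full round trip with a constructed transaction id and secret.
    server = DesignatedServer()
    key = server.issue_key("txn-0001", 4)
    sent_to_merchant = tokenize("0042", key)
    recovered = detokenize(sent_to_merchant, server.redeem_key("txn-0001"))

    # Reusing one key for two secrets leaks their digit-wise difference,
    # which is why the key has to be one-time.
    leak = digit_difference(tokenize("1234", example_key),
                            tokenize("1111", example_key))
    return token, recovered, leak


if __name__ == "__main__":
    print(demo())
```

Under this assumed transform the token hides the secret only while each key is uniformly random and used once. It gives no integrity protection, so the token can still be altered in transit unless the channel is authenticated.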
Referring to Figure 2, a typical module of proposed keyboard based smart vault is shown wherein the user can select from the optional modes of the keyboard based smart vault like, standard keyboard or smart vault modes. Further, module for provisioning and activation of the keyboard for storing data for future use is provided. Here, the user registers all information pertaining to various cards and corresponding details. The module further allows for secondary authentications like optional PIN and/or biometrics based authentication. Thus to start the application one-time pre-registration of account/card details is done along with security provisioning of the keyboard based smart vault.
Referring to Figure 3, the process flow for a typical mobile payment (checkout) process being auto-processed by the one-click checkout button on the keyboard is shown. Clicking the one-click button on the keyboard based smart vault initiates the transaction event. The system optionally requires card/wallet selection and user authentication through a PIN/Pattern/Biometric authentication as the case may be. Once authenticated, the keyboard based smart vault automatically fills in the fields as required and submits the form or part thereof. The keyboard is capable of handling multi-page forms requiring no additional inputs from the user and switching the pages to-and-fro. The vault keyboard reads the OTP received over SMS or on data channel to the device and enters it. It submits all forms leading to payment result page, thus obviating the user from remembering or entering all details personally every time.
Thus by using the keyboard based smart vault, the user has to remember only one or two authentication passwords for all cards/accounts, making the online banking much easier and simpler without compromising the security.
WORKING SEQUENCE
The system and method of secure one-click transaction involves a smart phone or a tablet with internet access, merchant's/seller's server, financial institution's server and network operator. The sequence of events in a typical financial transaction using the present invention will be as follows:
a. User equips the smart phone or the tablet with keyboard based smart vault/keyboard extension. The user enters details of all or preferred credit/debit cards or accounts and their corresponding login and transaction passwords for the provisioning of the keyboard based smart vault. The keyboard has security levels where the data entered is encrypted and secured with password and optionally additional authentication measure like biometrics or PINs. This particular step is performed once and the information is secured for future transactions.
b. During an online transaction over the smart phone or tablet, the user authenticates himself for the use of keyboard based smart vault by entering the password.
c. The user then selects the product to be purchased or a bill to be paid and goes for payment option. The page is redirected to a third party gateway, or to the payment gateway of any particular bank selected by the user.
d. The payment gateway has fields or forms to be filled in. The fields are identified and filled automatically by the keyboard based smart vault, wherein the keyboard is capable of identifying which credit/debit card details are to be filled in. For instance, in case the payment gateway is of Bank A, details of Bank A card will be filled in automatically. Codes and passwords will be entered by the keyboard based smart vault automatically.
e. Once the card details are entered, Bank shall send OTP to the user through SMS. The OTP is received by the smart phone/tablet as SMS. The OTP is identified and fetched by the keyboard based smart vault and corresponding field on the page is filled automatically.
f. Once all details are logged in, the Bank approves the payment and the page is redirected to merchant's or seller's website for further steps.
Thus, using the proposed invention, the user is required to remember only one or two passwords of keyboard based smart vault. The card and account details are also not required to be entered each time. In addition, the user is no longer required to switch from one page to another to fetch and fill OTP during the transaction.
Accordingly, in yet another embodiment of the present invention is proposed a system for secure online transactions comprising: a trusted personal device comprising a special virtual keyboard capable of being used as a data storage interface, automated data retrieval and filling system; and a keyboard based smart vault that allows secure and ergonomic storage and retrieval of form data involving one or more input fields, the data including but not limited to sensitive ones like dynamic passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions; and a remote server for communicating the transactions; wherein said special virtual keyboard apart from usual character entry, is capable of being provisioned by the remote server to validate the trusted personal device and validate user for secure transaction procedures; said keyboard based smart vault is further capable of enabling cryptographically secured storage of data, either locally on trusted personal device or on the remote server; said special virtual keyboard is capable of identifying, categorizing and fetching specific field values from one location and auto-completing the desired information at desired location in the trusted personal device; the system is provisioned for single step authentication of the user through keyboard based smart vault; and the system is capable of storing, identifying and fetching data pertaining to plurality of financial institutions through the keyboard based smart vault.
In yet another embodiment of the present invention is proposed a method of secure online payments using a trusted personal device comprising steps of: a. customizing the trusted personal device with a keyboard based smart vault wherein the user enters details of all or preferred financial institution data and authentication values for the provisioning of the keyboard based smart vault; b. securing said keyboard smart vault having security levels where the data entered is encrypted and secured with password and optionally additional authentication measure like biometrics or PINs wherein the step a. is performed once and the information is secured for future transactions; c. activating an online transaction over the trusted personal device wherein the user authenticates himself for the use of keyboard based smart vault by entering password; d. selecting a transaction page including but not limited to purchasing a product or paying a bill wherein the page is redirected to a third party gateway, or to the payment gateway of any particular financial institution selected by the user; e. identifying, fetching and filling automatically the fields or forms on the payment gateway using the keyboard based smart vault capable of identifying preferred financial institution data and authentication details; f. requesting and receiving validation data from corresponding financial institution server including but not limited to OTP through SMS wherein the OTP is received by the trusted personal device and is identified and fetched by the keyboard based smart vault and corresponding field on the gateway page is filled automatically; g. authenticating logged details and approving the transaction by server of corresponding financial institution; and h. redirecting page to merchant's or seller's website for completion of transaction.
It is to be understood that the present invention is not to be limited to just the preferred embodiment disclosed, but that the invention described herein is capable of numerous rearrangements, modifications and substitutions without departing from the scope of the claims hereafter.

Claims

CLAIMS We Claim :
1. An economically advanced system for secure online transactions comprising: i) a trusted personal device comprising:
a) a special virtual keyboard capable of being used as a data storage interface, automated data retrieval and filling system; and b) a keyboard based smart vault that allows secure and ergonomic storage and retrieval of form data involving one or more input fields, the data including but not limited to sensitive ones like dynamic passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions; and
ii) a remote server for communicating the transactions; wherein: said special virtual keyboard apart from usual character entry, is capable of being provisioned by the remote server to validate the trusted personal device and validate user for secure transaction procedures; said keyboard based smart vault is further capable of enabling cryptographically secured storage of data, either locally on trusted personal device or on the remote server; said special virtual keyboard is capable of identifying, categorizing and fetching specific field values from one location and auto-completing the desired information at desired location in the trusted personal device; the system is provisioned for single step authentication of the user through keyboard based smart vault; and the system is capable of storing, identifying and fetching data pertaining to plurality of financial institutions through the keyboard based smart vault.
2. The system for secure online transactions as claimed in claim 1 wherein the system provides auto-payment data field storage interface requiring minimal user intervention.
3. The system for secure online transactions as claimed in claim 1 wherein the online payments involves plurality of parties including but not limited to a seller, a third party payment institution, a payee, and a gateway of financial institutions.
4. The system for secure online transactions as claimed in claim 1 wherein the keyboard is capable of converting originally entered passwords into coded passwords before the authentication data being sent to third party server.
5. The system for secure online transactions as claimed in claim 1 wherein the trusted personal device includes a smart phone and a tablet.
6. The system for secure online transactions as claimed in claim 1 wherein the said keyboard based smart vault stores sensitive information like details of all credit and debit cards of user, authentication and validation data of corresponding cards, and other such sensitive and non-sensitive data in the form of encrypted codes stored locally or on the remote server.
7. The system for secure online transactions as claimed in claim 6 wherein the system supports single password and/or any other suitable authentication methods to enable entry/retrieval of said keyboard based smart vault data as indicated sensitive by the user.
8. An economically advanced system and method of secure online transactions using a trusted personal device comprising: a special virtual keyboard having field storage interface, automated field retrieval and filling means, the special virtual keyboard being enabled on the trusted personal device; a keyboard based smart vault enabled on the trusted personal device such that the smart vault allows secure and ergonomic storage and retrieval of form data involving one or more input fields, the data including but not limited to sensitive ones like dynamic passwords and PINs, over one or more pages, and one or more actions for field, page navigations and page submissions; and a remote server for communicating the transactions; wherein: said special virtual keyboard validates the trusted personal device and user for the secure transaction procedures; said keyboard based smart vault enables cryptographically secured storage of data, either locally or on the remote server; said special virtual keyboard identifies, categorizes and fetches specific field values from one location and auto-completes the desired information on a desired location in the trusted personal device; the system is provisioned for single step authentication of the user through the keyboard based smart vault; and the system is capable of storing, identifying and fetching data pertaining to plurality of financial institutions automatically through the keyboard based smart vault.
9. An ergonomically advanced method of secure online transactions using a trusted personal device comprising steps of: a. customizing the trusted personal device with a keyboard based smart vault wherein the user enters details of all or preferred financial institution data and authentication values for the provisioning of the keyboard based smart vault; b. securing said keyboard smart vault having security levels where the data entered is encrypted and secured with password and optionally additional authentication measure like biometrics or PINs wherein the step a. is performed once and the information is secured for future transactions; c. activating an online transaction over the trusted personal device wherein the user authenticates himself for the use of keyboard based smart vault by entering password; d. selecting a transaction page including but not limited to purchasing a product or paying a bill wherein the page is redirected to a third party gateway, or to the payment gateway of any particular financial institution selected by the user; e. identifying, fetching and filling automatically the fields or forms on the payment gateway using the keyboard based smart vault capable of identifying preferred financial institution data and authentication details; f. requesting and receiving validation data from corresponding financial institution server including but not limited to OTP through SMS wherein the OTP is received by the trusted personal device and is identified and fetched by the keyboard based smart vault and corresponding field on the gateway page is filled automatically; g. authenticating logged details and approving the transaction by server of corresponding financial institution; and h. redirecting page to merchant's or seller's website for completion of transaction.
10. The method of secure online transactions as claimed in claim 9 wherein the trusted personal device includes but not limited to a smart phone and a tablet.
11. The method of secure online transactions as claimed in claim 9 wherein the preferred financial institution data includes but not limited to details of credit or debit card issued by a bank.
PCT/IB2015/057481 2014-09-30 2015-09-30 System and ergonomically advantageous method for performing online secure transactions on trusted personal device Ceased WO2016051353A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN2805/DEL/2014 2014-09-30
IN2805DE2014 2014-09-30

Publications (1)

Publication Number Publication Date
WO2016051353A1 true WO2016051353A1 (en) 2016-04-07

Family

ID=55629505

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/057481 Ceased WO2016051353A1 (en) 2014-09-30 2015-09-30 System and ergonomically advantageous method for performing online secure transactions on trusted personal device

Country Status (1)

Country Link
WO (1) WO2016051353A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107465701A (en) * 2017-10-04 2017-12-12 刘兴丹 A kind of method, apparatus of dynamic position interface for password input
US12062036B1 (en) * 2018-03-01 2024-08-13 United Services Automobile Association (Usaa) Systems and methods for ghost card creation via a browser extension

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011128913A1 (en) * 2010-04-13 2011-10-20 Pranamesh Das Secure and shareable payment system using trusted personal device
WO2011136928A1 (en) * 2010-04-26 2011-11-03 Hawk And Seal, Inc. Secure and efficient login and transaction authentication using iphones and other smart mobile communication devices
US20140229381A1 (en) * 2011-11-01 2014-08-14 UBGreen CO., LTD. Financial transaction relay system using mobile terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15845649

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15845649

Country of ref document: EP

Kind code of ref document: A1