[go: up one dir, main page]

WO2018148800A1 - Device, system, and method for visual transfer of information - Google Patents

Device, system, and method for visual transfer of information Download PDF

Info

Publication number
WO2018148800A1
WO2018148800A1 PCT/AU2018/050124 AU2018050124W WO2018148800A1 WO 2018148800 A1 WO2018148800 A1 WO 2018148800A1 AU 2018050124 W AU2018050124 W AU 2018050124W WO 2018148800 A1 WO2018148800 A1 WO 2018148800A1
Authority
WO
WIPO (PCT)
Prior art keywords
indicium
information
transaction
display
visual data
Prior art date
Application number
PCT/AU2018/050124
Other languages
French (fr)
Inventor
Simon HEWITT
Tycho Luyben
Original Assignee
Scramcard Holdings (Hong Kong) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2017900515A external-priority patent/AU2017900515A0/en
Application filed by Scramcard Holdings (Hong Kong) Limited filed Critical Scramcard Holdings (Hong Kong) Limited
Publication of WO2018148800A1 publication Critical patent/WO2018148800A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0846On-card display means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0853On-card keyboard means

Definitions

  • the present invention relates to devices, systems, and methods for visually transferring information.
  • the present invention has particular but not exclusive application in the transfer of information to effect electronic transactions.
  • Transactions for example financial transactions using credit cards, inherently involve the transfer of information from one entity (e.g. a purchaser and/or device/system operated by the purchaser) to another entity (e.g. a vendor and/or a device/system operated by the vendor).
  • entity e.g. a purchaser and/or device/system operated by the purchaser
  • entity e.g. a vendor and/or a device/system operated by the vendor
  • the information to be transferred include for example one or more of a primary account number (PAN), card expiry date, card verification value (CVV), transaction amount, PIN, and the like.
  • PAN primary account number
  • CVV card verification value
  • Such information can be transferred from the entity making the transaction to an entity processing/receiving the transaction in a number of ways, including physical interaction (e.g. swiping a card through a card reader), contactless interaction (e.g. NFC interaction between a card and a card reader), voice (e.g. verbal telephone transaction between two humans), written (e.g. input to a form, or carbon copy imprinter), and the like.
  • physical interaction e.g. swiping a card through a card reader
  • contactless interaction e.g. NFC interaction between a card and a card reader
  • voice e.g. verbal telephone transaction between two humans
  • written e.g. input to a form, or carbon copy imprinter
  • a visual data generation and presentation device includes a processor; an input device; and a display, wherein the input device is adapted to receive transaction information, the processor is configured to generate an indicium from the transaction information, and the display is adapted to display the generated indicium in a manner suitable for imaging.
  • the transaction information includes an account number.
  • the transaction information includes a PIN.
  • the transaction information includes a transaction amount.
  • the processor is configured to generate the indicium using additional information.
  • the additional information includes a current timestamp.
  • the additional information includes a seed.
  • the additional information includes a random number generated from the seed.
  • the additional information includes a device identifier.
  • the additional information includes a PIN.
  • the visual data generation and presentation device is a smartcard.
  • the visual data generation and presentation device conforms to
  • the visual data generation and presentation device is an electronic device selected from the group consisting of: smartphone, tablet, laptop, eReader, and desktop.
  • the display is adapted to display up to 9 characters, which together make up the indicium.
  • each character is made up of up to 14 segments.
  • the display is adapted to display at least (2 14 ) 9 different indicia.
  • the range of valid indicia that can be generated is a subset of the (2 14 ) 9 different indicia.
  • the range of valid indicia contains 1 x 10 37 -1 different indicia, which each indicium in the range of valid indicia having a minimum hamming distance that facilitates error checking and/or error correction.
  • the display is configured to display the generated indicium for a limited period of time, after which period of time the generated indicium is erased from the display and any memory used to facilitate its display and generation.
  • the invention is a visual transaction system and includes a visual data generation and presentation device operable to receive and/or obtain transaction information and generate therefrom an indicium; a visual data imaging device operable to image the indicium ; and a portal providing network access to a transaction system, wherein the portal is adapted to receive the transaction information and/or indicium generated therefrom from the visual data imaging device and facilitate a transaction with the transaction system based thereon.
  • the visual data imaging device is configured to decode the indicium, obtain therefrom the transaction information, and transmit the transaction information to the portal.
  • the visual transaction system further includes a system server, the system server adapted to receive the indicium from the visual data imaging device, and decode from the indicium the transaction information, and transmit the transaction information to the portal.
  • the visual data generation and presentation device includes a processor, an input device, and a display, wherein the display is adapted to display the indicium, the input device is operable to input the transaction information, and the processor is configured to generate the indicium from the transaction information.
  • the display is adapted to display up to nine characters, each character comprising of up to 14 segments.
  • the visual data generation and presentation device is a smartcard.
  • the visual data generation and presentation device is a smartphone.
  • the portal provides network access to financial systems of a financial service provider selected from the group consisting of: a bank, a credit card company, an online payment system, and a digital currency exchange.
  • a financial service provider selected from the group consisting of: a bank, a credit card company, an online payment system, and a digital currency exchange.
  • a method for generating an indicium includes receiving and/or obtaining a plurality of first information; encoding one or more of the first information to obtain second information; forming transaction information from at least some of the first information and second information; and generating an indicium from the transaction information.
  • the plurality of first information includes a PIN, an account number, a timestamp, and a seed.
  • the second information includes a representative account number generated from the account number.
  • the representative account number is generated from a function of the account number and the timestamp
  • the second information includes a representative PIN generated from the PIN.
  • the representative PIN is generated from a function of the PIN and the seed.
  • the transaction information is a string of digits.
  • the method further comprises forming a plurality of payload packets from the transaction information, forming a number from the payload packets, and generating the indicium from the number.
  • each payload packet includes a check digit.
  • the number formed from the payload packets is a 36-digit number.
  • the 36-digit number includes a 4 digit checksum and a 32 digit payload, the 32 digit payload comprised of the plurality of payload packets.
  • a method for effecting a financial transaction includes receiving first information necessary to effect the financial transaction; obtaining and/or generating second information to facilitate the financial transaction, generating an indicium using the first and second information; displaying the generating indicium; imaging the indicium; decoding the imaged indicium to obtain the first and second information; and using one or more of the first and second information to effect the financial transaction.
  • the first information includes one or more of a transaction amount, a function account, and a security authorization.
  • the second information includes one or more of a time stamp, device identifier, seed, and encoded first information.
  • the indicium is displayed on the display for a limited window of time, after which window the indicium is erased from the display and from any memory used in the generation and/or display of the indicium.
  • the method further includes validating a security authorization included in the first information.
  • the indicium is generated and/or displayed only if the security authorization is successfully validated.
  • the indicium is generated and/or displayed regardless of whether the security authorization is successfully validated.
  • Figures 1 A and 1 B illustrates a visual data generation and presentation device according to a first aspect of the present invention
  • Figure 2 illustrates a display of the visual data generation and presentation device in greater detail
  • Figure 3 illustrates an operation of the visual data generation and presentation device to generate and present information for effecting a transaction
  • Figure 4 illustrates a visual data transaction system according to a second aspect of the present invention
  • Figures 5 and 6 illustrate an operation of the visual data transaction system, and a method of effecting a transaction using visual data
  • Figures 7A and 7B illustrates a visual data generation method in greater detail
  • Figure 8 illustrates a method for generating and decoding an indicium
  • Figure 9 illustrates a further operation of the visual data transaction system, and a further method of effecting a transaction using visual data.
  • FIG. 1 A and 1 B A visual data generation and presentation device 100 according to a first aspect of the present invention is illustrated in Figs. 1 A and 1 B.
  • the device 100 is an integrated circuit card conforming to ISO 7810.
  • the device 100 is not so limited and in other embodiments may be a card conforming to another standard, a smartphone, a tablet, a smartwatch, or general computing device such as a desktop computer, laptop computer, electronic/computing dongle, and the like.
  • the device 100 includes a display 1 -10 and an input device 1 -20 for facilitating user interaction with the device 100.
  • the input device 1 -20 is a keypad.
  • the input device 1 -20 is not so limited and in other embodiments may be, for example, a touchscreen device, keyboard, mouse, touchpad, microphone, and the like.
  • the input device 1 -20 may further include other data input means such as a fingerprint sensor, retina sensor, speech recognition device, and other biometric sensor.
  • the device 100 further includes a processor 1 -30, memories 1 -40, 1 -50, and a bus 1 -90 connecting together the display 1 -10, input device 1 -20, processor 1 -30, and memories 1 -40, 1 -50.
  • the device 100 may further include an antenna 1 -60 (for example, for NFC communication) and an EMV chip 1 -70 for effecting secure financial transaction in accordance with the EMV standard.
  • the EMV 1 -70 chip may or may not be connected to the bus 1 -90, depending on security requirements and desired functionality.
  • the display 1 -10, input device 1 -20, processor 1 -30, memories 1 -40, 1 -50, and bus 1 -90 together take in input from a user, process the input, and generate an indicium that is used to visually transfer information from the device 100, and, in this manner, together embody the device 100.
  • Fig. 2 illustrates the display 1 -10 of the device 100 in greater detail.
  • the display 1 -10 is a display capable of displaying a large number of unique indicia.
  • the display 1 -10 is a 9 character (2-10) display, with each character made up of up to 14 segments (2-20).
  • the display 1 -10 may be an LCD, LED, OLED, projector display, laser display, or any other suitable visual display means that facilitates imaging, by an imaging device, of the indicium displayed by the display 1 -10
  • the device 100 is operated to enter an operation mode configured to generate an indicium.
  • one or more inputs are provided by the user to the device 100 by way of the input device 1 -20.
  • the one or more inputs together with additional information obtained by the device 100 are processed by the processor 1 -30 of the device 100 to generate information that is to be conveyed from the device 100 externally.
  • additional information obtained by the device 100 for example a timestamp, seed, device identifier, and the like
  • the processor 1 -30 of the device 100 to generate information that is to be conveyed from the device 100 externally.
  • this information to be conveyed from the device 100 externally is referred to as transaction information.
  • a unique indicium corresponding to the transaction information is generated.
  • the transaction information is a number between 0 and (2 14 ) 9
  • the indicium that is generated is one that corresponds to that number.
  • the generated indicium is displayed on the display 1 -10 as a combination of segments 2-20, and hence characters 2-10.
  • the generated indicium is displayed for a predetermined period of time, after which time the generated indicium is erased from the display 1 -10 and any memories used in the generation and display of the generated indicium.
  • the erasure of the generated indicium in this manner after elapse of the period of time, together with the preferable use of a current timestamp in the generation of the indicium add to the security of the method and system of the present invention.
  • Fig. 4 illustrates a visual transaction system 400 according to the present invention.
  • the system 400 at its core, includes the visual data generation and presentation device 100 operated by a first user 4-10, and a visual data imaging device 4-20 operated by a second user 4-30.
  • the system 400 may further include a visual data imaging device 4-15 operated by the first user 4-10.
  • the system 400 will hereinafter be described as a financial transaction system configured to effect a financial transaction between the first user 4-10 and the second user 4-30.
  • the system 400 is not limited to that for effecting financial transactions, and could additionally/alternatively be applied to other forms of transactions or general exchange of information including, for example, digital signatures, exchange of authentication information, loyalty point transactions, proof of identity (e.g. as government issued ID, social security ID), event/entertainment tickets, redeemable coupons and vouchers, and the like.
  • the system 400 may further include one or more portals 4-50A, 4-50B, 4-50C, 4-50D, 4-50E (hereinafter collective referred to as portals 4-50) each providing access to the financial systems of respective financial service providers (e.g. credit card companies, banks, PayPalTM, BitcoinTM exchange, etc.) 4-60A, 4-60B, 4-60C, 4-60D, 4-60E (hereinafter collective referred to as financial service providers 4-60), a system server 4-70 operated by system coordinating entity 4-80, and a network 4-90 to which the visual data imaging device 4-20, portal 4-50, and system server 4-70 are connected.
  • the financial service providers 4-60 are providers with which one or more of the first user 4-10 and the second user 4-30 have an account.
  • the financial service providers 4-60 with which the first user 4-10 has accounts are linked to the visual data generation and presentation device 100, such that transactions involving the financial service providers 4-60 can be authorized and effected through the device 100.
  • the financial service providers 4-60 may be linked to the device 100, for example, through shared random seeds, PINs, encryption algorithms, and the like.
  • Methods and systems for logically linking a financial service provider to a device are disclosed in Applicant's co-pending applications PCT/AU2012/0001 10, PCT/AU2015/000106, PCT/AU2016/051095, PCT/AU2016/051216, AU2015905216, AU2016903397,
  • the device 100 is operated by the first user 4-10 (Fig. 4) to select a payment method / financial service provider linked to the device 100.
  • the first user 4- 10 has in this example selected their MastercardTM to effect a financial transaction.
  • step 6-10 and operation 510 may be skipped.
  • the device 100 is operated to select a transaction method.
  • the available transaction methods are dependent on the configuration and functionalities of one or more of the device 100, second user 4-
  • the device 100 is operated to effect a Visual Communication
  • the device 100 prompts the first user 4-10 for information necessary to effect a VC transaction.
  • information may include, but is not limited to:
  • Security authorizations e.g. PIN, one-time code, biometric input, CCV
  • the device 100 obtains (or generates) additional information for use in the generation of a one-time indicia.
  • additional information may include, but is not limited to:
  • Device identifier e.g. serial number, other device identifier
  • Encoded inputted information e.g. hash value of security authorization, other processed form of the information input at 6-20, etc.
  • the device 100 generates an indicium using one or more of the information provided at 6-20 and 6-25.
  • the indicium generated at 6-30 is displayed on the display 1 -10.
  • the generated indicium is displayed only for a limited, predetermined period of time, after which time the indicium is erased from the display and preferably also from any memory used in the generation and/or display of the one-time indicia (if not already erased). In at least this manner, the displayed indicium functions as a one-time indicium.
  • the method 600 may include a step of validating the security authorization inputted at 6-20, for example by comparing the inputted security authorization with a corresponding (whether identical, or complementary) value stored in the device 100.
  • step 6-30 may only generate the indicium if the inputted security authorization is successfully validated.
  • step 6-30 may always generate the indicium regardless of whether the inputted security authorization is successfully validated, but step 6-35 caused to display the generated indicium only if the inputted security authorization is successfully validated.
  • the indicium may be generated and/or displayed regardless of whether the inputted security authorization is successfully validated, with validation occurring at a later step, as will be described in greater detail below.
  • the generated indicium is presented to the visual data imaging device
  • the visual data imaging device 4-20 is operated by a second user 4- 30 to image the indicium presented thereto.
  • the visual data imaging device 4-20 is a smartphone with a built-in camera, and executing a software application configured to sense (i.e. image) and capture the indicium.
  • the imaged indicium is decoded and broken down to the transaction information used to generate the indicium at 6-30.
  • the transaction information, and/or other information generated therefrom, is then used by the financial systems 4-60 to effect (or decline) a transaction from the first user 4-10 to the second user 4- 30.
  • Step 6-50 may be realized differently in different embodiments of the invention.
  • the imaged indicium is decoded and broken down by the visual data imaging device 4-20, and the original transaction information used to generate the indicium at 6-30 is transmitted via the network 4-90 to an appropriate portal 4-50.
  • the portal 4-50 upon receiving the original transaction information, processes the information to effect or decline the financial transaction.
  • the imaged indicium is decoded and broken down by the visual data imaging device 4-20, and the original transaction information used to generate the indicium at 6-30 is transmitted via the network 4-90 to the system server 4-70.
  • the system server 4-70 then processes the original information, and transmits the original transaction information, and/or other information generated from the processing of the original transaction information, to an appropriate portal 4- 50.
  • the portal 4-50 upon receiving this information, processes the information to effect or decline the financial transaction.
  • the imaged indicium is transmitted via the network 4-90 to the system server 4-70.
  • the system server 4-70 decodes the indicium into the original transaction information, and transmits the original transaction information to an appropriate portal 4-50.
  • the portal 4-50 upon receiving the original transaction information, processes the information to effect or decline the financial transaction.
  • Fig. 7 illustrates an exemplary indicium 700 according to the preferred embodiment.
  • an indicium 700 of the preferred embodiment comprises 9 characters (2-10), each character made up of up to 14 segments (2-20). This allows for (2 14 ) 9 (approximately 8.5 x 10 37 ) unique indicia.
  • the preferred embodiment utilizes a range of valid indicia that is a subset of the (2 14 ) 9 available indicia.
  • visual error checking and error correction refers to error checking and correction performed at the visual level, for example at the time of the visual data imaging device 4-20 imaging the one-time indicia displayed by the display 1 -10.
  • the generation of indicium that are visually similar to one another can be avoided, thereby allowing for the visual data imaging device 4-20 to detect and possibly correct erroneously imaged indicia.
  • the range of valid indicia is limited to a subset of 1 x10 37 -1 indicia, with each indicium of the subset being chosen so as to have a predetermined minimum hamming distance from any other indicium in the subset. Accordingly, the range of valid indicia can represent a 36-digit decimal number 710.
  • the 36-digit number 710 is formed using, for example, inputs from 6-20 and 6- 25 and forms the transaction information from which the indicium 700 is then generated.
  • the exemplary 36-digit number 710 illustrated in Fig. 7 is one that is suitable for use in effecting a financial transaction. It is to be understood, however, that the breakdown of the 36-digit number 710, the length of the number 710, and other characteristics may be modified to suit various needs.
  • the 36-digit number 710 comprises:
  • the 32 digit payload 7-20 comprises 8 payload packets 7-30 of 4 digits each, as follows:
  • the above breakdowns of the 36-digit number 710 and the payload packets 7-30 are exemplary, and different compositions are possible for different purposes.
  • indicium used only for authorization purposes may not require an Account Number, but may require instead a password, passcode, date of birth, and the like.
  • other 36-digit numbers used for financial transactions may further include an amount to be transacted.
  • the Representative Account Number and/or the Representative PIN Number making up the 36-digit number 710 are generated from the actual Account Number and PIN, rather than being the actual Account Number and PIN themselves.
  • the Account Number is subject to digit-wise ADD and MOD10 functions with, for example, a current timestamp of a time-window (e.g.
  • An account having Account Number "123456789” would therefore for example have Representative Account Number "26157970” if the 36-digit number were generated at timestamp 1481232910 (rounded to 60 s).
  • a corresponding indicium is determined, generated, and displayed on the display 1 -10. Determination and generation of the indicium from the 36-digit number may be effected by a variety of methods, including a lookup table and a function.
  • a legitimate/authorized receiver of the one-time indicium can decode the indicium to obtain the 36-digit number, for example using a corresponding reverse lookup table, reverse function, or other appropriate method complementing the method used to generate the one-time indicium. From the 36-digit number, and using the current timestamp, the legitimate/authorized receiver can determine the actual Account Number from the Representative Account Number. From the actual Account Number, the legitimate/authorized receiver can then determine the seed used to generate the one-time passcode that was used to encode the actual PIN, and thereby determine the actual PIN from the Representative PIN Number. With this information, the legitimate/authorized receiver can then decide whether to effect or decline a requested transaction.
  • the indicium By generating the Representative Account Number from the actual Account Number and a timestamp, a time limit by which to decode the actual Account Number from the Representative Account Number is implicitly placed on the receiver. In this manner, and together with the aforementioned limited time window during which an indicium is displayed on the display 1 -10 and subsequently erased therefrom, the indicium functions as a one-time indicium that is different each time it is generated.
  • Fig. 8 summarizes an exemplary visual data generation and decoding method 800 for generating and decoding an indicium.
  • the obtained inputs include a PIN and an Account Number obtained from the first user 4-10 via the device 100, a current timestamp obtained directly from the device 100, and a device seed number obtained directly from the device 100.
  • the Account Number may be subjected to an encoding process to obtain the Representative Account Number.
  • the Account Number may be subjected to a digit-wise ADD and MOD10 functions with the current timestamp to obtain the Representative Account Number.
  • Other encoding functions may also be used.
  • the PIN is subject to an encoding and encryption process to obtain the Representative PIN number.
  • the PIN may be subject to an encryption function with the device seed number and a digit-wise ADD and MOD10 function with the current timestamp (in any order) to obtain the Representative PIN Number.
  • Other encryption and encoding functions may also be used.
  • the Representative Account Number and Representative PIN Number are allocated to payload packets, and appropriate checksums generated for each payload packet.
  • the payload packets are put together to form the 32-digit payload.
  • a checksum is generated for the 32-digit payload, and the generated checksum and 32-digit payload put together to form the 36-digit number.
  • an indicium corresponding to the 36-digit number is determined and/or generated. For example, a lookup table may be referenced to determine the corresponding indicium. Alternatively, the 36-digit number may be subject to a function to generate the corresponding indicium. Other methods may also be used.
  • the generated indicium is displayed on the display 1 -10.
  • the displayed indicium is imaged by the imaging device 4-20.
  • the imaging device 4-20 may perform visual-level error correction relying on the known hamming distance between valid indicia if necessary.
  • the 36-digit number corresponding to the imaged indicium is determined, using for example, a reverse lookup table, reverse function, or other method complementary to the method used to generate the indicium at 8-40.
  • the 36-digit number is broken down to obtain the Representative Account Number and Representative PIN Number.
  • the Representative Account Number is decoded using a complementary decoding process to obtain the actual Account Number.
  • the Representative Account Number may be decoded using a digit-wise inverse ADD and MOD10 function with the current timestamp. If the decoding is performed with the appropriate decoding algorithm, and within a time period where the current timestamp is still valid, the actual Account Number will be obtained.
  • the actual Account Number is used to look up a corresponding device seed number.
  • the corresponding device seed number is then used to decode the Representative PIN Number to obtain the actual PIN.
  • the actual PIN and actual Account Number are made available to effect or decline a requested transaction.
  • Step 8-55 may be performed by a backend server such as the system server 4-70.
  • the imaged indicium may be transmitted over the network 4-90 from the imaging device 4-20 to the system server 4-70, and the step of 8-55 then performed by the system server 4-70.
  • Step 8-60 may similarly be performed by a backend server such as the system server 4-70.
  • the 36-digit number derived from the imaged indicium may be transmitted over the network 4-90 from the imaging device 4-20 to the system server 4-70, or may already be available to the system sever 4-70 by way of step 8-55 having been performed by the system server 4-70.
  • the system server 4-70 then performs steps 8-60.
  • step 8-65 may also be performed by a backend server such as the system server 4-70.
  • the Representative Account Number and Representative PIN Number may be transmitted over the network 4-90 from the imaging device 4-20 to the system server 4-70, or may already be available to the system server 4-70 by way of step 8-60 having been performed by the system server 4-70.
  • step 8-70 may also be performed by a backend server such as the system server 4-70.
  • the corresponding device seed number is stored in the backend server or other accessible to the backend server in correspondence with the Account Number.
  • Fig. 9 illustrates an exemplary method and operation 900 to authenticate various parties.
  • the method and operation 900 is described in relation to the first user 4-10 desiring to authenticate themselves with a 3 rd party system in order to sign-up (e.g. set up an account) with the 3 rd party system.
  • the first user 4-10 is presented with an indicium (hereinafter referred to as a 3 rd party indicium), for example via a webpage of the 3 rd party system, that has been generated by the 3 rd party system.
  • the 3 rd party indicium is generated using a unique ID (UID) specific to and identifying the 3 rd party system and further using an encrypted authentication token, and preferably also a current timestamp so as to have a limited period of validity.
  • UID unique ID
  • the first user 4-10 images the 3 rd party indicium using a visual data imaging device 4-15.
  • the first user 4-10 uses their smartphone (as the visual data imaging device 4-15), while executing an appropriate application, to take a photo of the 3 rd party indicium.
  • the imaged 3 rd party indicium is stored in the visual data imaging device 4-15.
  • the first user 4-10 operates the visual data generation and presentation device 100 to enter the device 100 into an operation mode configured to generate personal authentication information.
  • the device 100 prompts for and receives from the first user 4-10 a PIN (or other user authentication information).
  • the PIN is then preferably encrypted by a seed and corresponding encryption function.
  • the device 100 generates a user indicium using a UID specific to and identifying the first user 4-10 and/or the device 100, and further using the encrypted PIN, and optionally a timestamp obtained from the device 100 or derived from the 3 rd party indicium (if any).
  • the first user 4-10 images the user indicium using the visual data imaging device 4-15 and stores the imaged indicium in the visual data imaging device 4-15.
  • the visual data imaging device 4-15 therefore has stored therein the 3 rd party indicium and the user indicium.
  • the user indicium and the 3 rd party indicium is transmitted to a system server 4-70, which then decodes the user indicium to obtain the user UID and encrypted PIN, and similarly decodes the 3 rd party indicium to obtain the 3 rd party UID and the encrypted authentication token.
  • the visual data imaging device 4-15 may decode the user indicium and the 3 rd party indicium to obtain the user UID, encrypted PIN, 3 rd party UID, and encrypted authentication token, and transmit same to the system server 4- 70.
  • the user UID is used to look up in the system server 4-70 a corresponding user account.
  • the user account has stored, associated or otherwise corresponded therewith information including one or more of an encrypted PIN that has been encrypted using the same seed as was used in 9-25, a seed suitable for decrypting the encrypted PIN derived from the user indicium, a seed suitable for encrypting a PIN stored in the user account, and/or a PIN stored in the user account.
  • the user account also has stored therein a profile of the first user 4-10, comprising information useful for signing up the first user 4-10 with various types of accounts.
  • the information stored in the profile includes, for example:
  • any other kind of information may be also stored in the user account, including images, audio recordings, biometric information, and other text-based, graphic- based, video-based, audio-based, and data-based information.
  • the system server 4-70 validates the identity of the first user 4-10 by comparing the encrypted PIN derived from the user indicium with the information stored in the user account. For example, the encrypted PIN derived from the user indicium may be compared with the encrypted PIN stored in the user account. Alternatively, the encrypted PIN derived from the user indicium may be decrypted using the seed stored in the user account, and the decrypted PIN compared with the PIN stored in the user account. Alternatively, the seed stored in the user account may be used to encrypt the PIN stored in the user account, and this encrypted PIN compared with the encrypted PIN derived from the user indicium. Other alternatives are possible.
  • the 3 rd party UID is similarly used to look up in the system server 4- 70 a corresponding 3 rd party account.
  • the 3 rd party account is similar to the user account described in 9-45.
  • the identity of the 3 rd party is confirmed in a similar manner to that described in 9-45 for the first user 4-10.
  • the transfer of information to effect a transaction is effected visually by generating an indicium and imaging the indicium. Effecting the transaction therefore requires only a device for generating the indicium (e.g. smartcard or smartphone) and a device for imaging the indicium (e.g. smartphone with camera). Special purpose devices such as magnetic stripe readers, NFC readers, chip readers, and the like are not required.
  • the advantages of the present invention include the ability to perform transactions in a secure manner, without having to present (e.g. type, recite, write) codes (e.g. the indicium) in a manner that is prone to copying and error.
  • the present invention allows for secure transactions to be conducted without the need for special equipment (e.g. NFC readers).

Landscapes

  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A visual data generation and presentation device includes a processor; an input device; and a display, wherein the input device is adapted to receive transaction information, the processor is configured to generate an indicium from the transaction information, and the display is adapted to display the generated indicium in a manner suitable for imaging.

Description

DEVICE, SYSTEM, AND METHOD FOR VISUAL TRANSFER OF INFORMATION
FIELD OF INVENTION
The present invention relates to devices, systems, and methods for visually transferring information. The present invention has particular but not exclusive application in the transfer of information to effect electronic transactions.
BACKGROUND OF THE INVENTION
Transactions, for example financial transactions using credit cards, inherently involve the transfer of information from one entity (e.g. a purchaser and/or device/system operated by the purchaser) to another entity (e.g. a vendor and/or a device/system operated by the vendor). The information to be transferred, in the case of credit card transactions, include for example one or more of a primary account number (PAN), card expiry date, card verification value (CVV), transaction amount, PIN, and the like.
Such information can be transferred from the entity making the transaction to an entity processing/receiving the transaction in a number of ways, including physical interaction (e.g. swiping a card through a card reader), contactless interaction (e.g. NFC interaction between a card and a card reader), voice (e.g. verbal telephone transaction between two humans), written (e.g. input to a form, or carbon copy imprinter), and the like.
These forms of information transfer, however, either require special equipment (e.g. card readers, NFC readers, carbon copy imprinters), or are manual (e.g. voice, written) and therefore tedious and at risk of human error.
OBJECT OF THE INVENTION
It is one object of the present invention to provide a device, system, and method that facilitates the transfer of information necessary for effecting a transaction, in a manner that is relatively secure, error-resistant, convenient, and less reliant on specialized hardware as compared to the methods and systems described above.
SUMMARY OF THE INVENTION According to a first aspect of the present invention, a visual data generation and presentation device includes a processor; an input device; and a display, wherein the input device is adapted to receive transaction information, the processor is configured to generate an indicium from the transaction information, and the display is adapted to display the generated indicium in a manner suitable for imaging.
In one form, the transaction information includes an account number.
In one form, the transaction information includes a PIN.
In one form, the transaction information includes a transaction amount.
Preferably, the processor is configured to generate the indicium using additional information.
In one form, the additional information includes a current timestamp.
In one form, the additional information includes a seed.
In one form, the additional information includes a random number generated from the seed.
In one form, the additional information includes a device identifier.
In one form, the additional information includes a PIN.
In one form, the visual data generation and presentation device is a smartcard.
Preferably, the visual data generation and presentation device conforms to
ISO 7810.
In one form, the visual data generation and presentation device is an electronic device selected from the group consisting of: smartphone, tablet, laptop, eReader, and desktop.
Preferably, the display is adapted to display up to 9 characters, which together make up the indicium.
Preferably, each character is made up of up to 14 segments.
Preferably, the display is adapted to display at least (214)9 different indicia. Preferably, the range of valid indicia that can be generated is a subset of the (214)9 different indicia.
Preferably, the range of valid indicia contains 1 x 10 37-1 different indicia, which each indicium in the range of valid indicia having a minimum hamming distance that facilitates error checking and/or error correction. Preferably, the display is configured to display the generated indicium for a limited period of time, after which period of time the generated indicium is erased from the display and any memory used to facilitate its display and generation.
According to a second aspect of the present invention, the invention is a visual transaction system and includes a visual data generation and presentation device operable to receive and/or obtain transaction information and generate therefrom an indicium; a visual data imaging device operable to image the indicium ; and a portal providing network access to a transaction system, wherein the portal is adapted to receive the transaction information and/or indicium generated therefrom from the visual data imaging device and facilitate a transaction with the transaction system based thereon.
In one form, the visual data imaging device is configured to decode the indicium, obtain therefrom the transaction information, and transmit the transaction information to the portal.
In one form, the visual transaction system further includes a system server, the system server adapted to receive the indicium from the visual data imaging device, and decode from the indicium the transaction information, and transmit the transaction information to the portal.
In one form, the visual data generation and presentation device includes a processor, an input device, and a display, wherein the display is adapted to display the indicium, the input device is operable to input the transaction information, and the processor is configured to generate the indicium from the transaction information.
In one form, the display is adapted to display up to nine characters, each character comprising of up to 14 segments.
In one form, the visual data generation and presentation device is a smartcard.
In one form, the visual data generation and presentation device is a smartphone.
In one from, the portal provides network access to financial systems of a financial service provider selected from the group consisting of: a bank, a credit card company, an online payment system, and a digital currency exchange.
According to a third aspect of the present invention, a method for generating an indicium includes receiving and/or obtaining a plurality of first information; encoding one or more of the first information to obtain second information; forming transaction information from at least some of the first information and second information; and generating an indicium from the transaction information.
In one form, the plurality of first information includes a PIN, an account number, a timestamp, and a seed.
In one form, the second information includes a representative account number generated from the account number.
Preferably, the representative account number is generated from a function of the account number and the timestamp
In one form, the second information includes a representative PIN generated from the PIN.
Preferably, the representative PIN is generated from a function of the PIN and the seed.
In one form, the transaction information is a string of digits.
In one form, the method further comprises forming a plurality of payload packets from the transaction information, forming a number from the payload packets, and generating the indicium from the number.
Preferably, each payload packet includes a check digit.
In one form, the number formed from the payload packets is a 36-digit number.
Preferably, the 36-digit number includes a 4 digit checksum and a 32 digit payload, the 32 digit payload comprised of the plurality of payload packets.
According to a fourth aspect of the present invention, there is a method for effecting a financial transaction and includes receiving first information necessary to effect the financial transaction; obtaining and/or generating second information to facilitate the financial transaction, generating an indicium using the first and second information; displaying the generating indicium; imaging the indicium; decoding the imaged indicium to obtain the first and second information; and using one or more of the first and second information to effect the financial transaction.
In one form, the first information includes one or more of a transaction amount, a function account, and a security authorization.
In one form, the second information includes one or more of a time stamp, device identifier, seed, and encoded first information. Preferably, the indicium is displayed on the display for a limited window of time, after which window the indicium is erased from the display and from any memory used in the generation and/or display of the indicium.
In one form, the method further includes validating a security authorization included in the first information.
In one form, the indicium is generated and/or displayed only if the security authorization is successfully validated.
In one form, the indicium is generated and/or displayed regardless of whether the security authorization is successfully validated.
The above aspects, variations, and options are to be understood as comprisable within the invention singly, or in combination with each other.
The features described with respect to one aspect also apply where applicable to all other aspects of the invention. Furthermore different combinations of described features are herein described and claimed even when not expressly stated
BRIEF DESCRIPTION OF THE DRAWINGS
In order that the present invention can be more readily understood, reference will now be made to the accompanying drawings which illustrate preferred
embodiments of the invention and wherein:
Figures 1 A and 1 B illustrates a visual data generation and presentation device according to a first aspect of the present invention;
Figure 2 illustrates a display of the visual data generation and presentation device in greater detail;
Figure 3 illustrates an operation of the visual data generation and presentation device to generate and present information for effecting a transaction;
Figure 4 illustrates a visual data transaction system according to a second aspect of the present invention;
Figures 5 and 6 illustrate an operation of the visual data transaction system, and a method of effecting a transaction using visual data;
Figures 7A and 7B illustrates a visual data generation method in greater detail;
Figure 8 illustrates a method for generating and decoding an indicium; and Figure 9 illustrates a further operation of the visual data transaction system, and a further method of effecting a transaction using visual data.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
A visual data generation and presentation device 100 according to a first aspect of the present invention is illustrated in Figs. 1 A and 1 B. In a preferred embodiment, the device 100 is an integrated circuit card conforming to ISO 7810. However, the device 100 is not so limited and in other embodiments may be a card conforming to another standard, a smartphone, a tablet, a smartwatch, or general computing device such as a desktop computer, laptop computer, electronic/computing dongle, and the like.
As illustrated in Fig. 1 A, the device 100 includes a display 1 -10 and an input device 1 -20 for facilitating user interaction with the device 100. In the preferred embodiment, the input device 1 -20 is a keypad. However, the input device 1 -20 is not so limited and in other embodiments may be, for example, a touchscreen device, keyboard, mouse, touchpad, microphone, and the like. The input device 1 -20 may further include other data input means such as a fingerprint sensor, retina sensor, speech recognition device, and other biometric sensor.
As illustrated in Fig. 1 B, the device 100 further includes a processor 1 -30, memories 1 -40, 1 -50, and a bus 1 -90 connecting together the display 1 -10, input device 1 -20, processor 1 -30, and memories 1 -40, 1 -50. In the case where the device 100 is also a payment integrated circuit card, such as a payment integrated circuit card as disclosed in any one of Applicant's co-pending applications PCT/AU2012/0001 10, PCT/AU2015/000106, PCT/AU2016/051095, PCT/AU2016/051216, AU2015905216, AU2016903397, AU2016904623, AU2016904624 (the contents of which are incorporate herein by reference), the device 100 may further include an antenna 1 -60 (for example, for NFC communication) and an EMV chip 1 -70 for effecting secure financial transaction in accordance with the EMV standard. The EMV 1 -70 chip may or may not be connected to the bus 1 -90, depending on security requirements and desired functionality.
The display 1 -10, input device 1 -20, processor 1 -30, memories 1 -40, 1 -50, and bus 1 -90 together take in input from a user, process the input, and generate an indicium that is used to visually transfer information from the device 100, and, in this manner, together embody the device 100.
Fig. 2 illustrates the display 1 -10 of the device 100 in greater detail. The display 1 -10 is a display capable of displaying a large number of unique indicia. In the preferred embodiment, the display 1 -10 is a 9 character (2-10) display, with each character made up of up to 14 segments (2-20). The display according to the preferred embodiment is thereby capable of displaying up to around (214)9 = 8.5 x 1037 unique indicia, wherein an indicium in this case is comprised of the combination of segments, and in turn the combination of characters, displayed by the display 1 - 10.
The display 1 -10 may be an LCD, LED, OLED, projector display, laser display, or any other suitable visual display means that facilitates imaging, by an imaging device, of the indicium displayed by the display 1 -10
With reference to Fig. 3, an operation 300 for generating an indicium for display on the display 1 -10 is described.
At 3-10, the device 100 is operated to enter an operation mode configured to generate an indicium.
At 3-20, one or more inputs are provided by the user to the device 100 by way of the input device 1 -20.
At 3-30, the one or more inputs together with additional information obtained by the device 100, for example a timestamp, seed, device identifier, and the like, are processed by the processor 1 -30 of the device 100 to generate information that is to be conveyed from the device 100 externally. Hereinafter, this information to be conveyed from the device 100 externally is referred to as transaction information.
At 3-40, a unique indicium corresponding to the transaction information is generated. In the preferred embodiment, the transaction information is a number between 0 and (214)9, and the indicium that is generated is one that corresponds to that number.
At 3-50, the generated indicium is displayed on the display 1 -10 as a combination of segments 2-20, and hence characters 2-10. In the preferred embodiment, the generated indicium is displayed for a predetermined period of time, after which time the generated indicium is erased from the display 1 -10 and any memories used in the generation and display of the generated indicium. The erasure of the generated indicium in this manner after elapse of the period of time, together with the preferable use of a current timestamp in the generation of the indicium (as will be described in greater detail below), add to the security of the method and system of the present invention.
Fig. 4 illustrates a visual transaction system 400 according to the present invention. The system 400, at its core, includes the visual data generation and presentation device 100 operated by a first user 4-10, and a visual data imaging device 4-20 operated by a second user 4-30. The system 400 may further include a visual data imaging device 4-15 operated by the first user 4-10.
For the purposes of facilitating description of the present invention, the system 400 will hereinafter be described as a financial transaction system configured to effect a financial transaction between the first user 4-10 and the second user 4-30. However, it is to be understood that the system 400 is not limited to that for effecting financial transactions, and could additionally/alternatively be applied to other forms of transactions or general exchange of information including, for example, digital signatures, exchange of authentication information, loyalty point transactions, proof of identity (e.g. as government issued ID, social security ID), event/entertainment tickets, redeemable coupons and vouchers, and the like.
In embodiments of the system 400, the system 400 may further include one or more portals 4-50A, 4-50B, 4-50C, 4-50D, 4-50E (hereinafter collective referred to as portals 4-50) each providing access to the financial systems of respective financial service providers (e.g. credit card companies, banks, PayPal™, Bitcoin™ exchange, etc.) 4-60A, 4-60B, 4-60C, 4-60D, 4-60E (hereinafter collective referred to as financial service providers 4-60), a system server 4-70 operated by system coordinating entity 4-80, and a network 4-90 to which the visual data imaging device 4-20, portal 4-50, and system server 4-70 are connected. The financial service providers 4-60 are providers with which one or more of the first user 4-10 and the second user 4-30 have an account. The financial service providers 4-60 with which the first user 4-10 has accounts are linked to the visual data generation and presentation device 100, such that transactions involving the financial service providers 4-60 can be authorized and effected through the device 100. The financial service providers 4-60 may be linked to the device 100, for example, through shared random seeds, PINs, encryption algorithms, and the like. Methods and systems for logically linking a financial service provider to a device are disclosed in Applicant's co-pending applications PCT/AU2012/0001 10, PCT/AU2015/000106, PCT/AU2016/051095, PCT/AU2016/051216, AU2015905216, AU2016903397,
AU2016904623, AU2016904624.
With reference to Figs. 4, 5 and 6, an exemplary operation of the system 400 and device 100, and a method 600 for effecting a financial transaction using visual data, are described.
At 6-10 (Fig. 6) of the method 600, and as illustrated by an operation 510 (Fig.
5) of the visual data generation and presentation device 100, the device 100 is operated by the first user 4-10 (Fig. 4) to select a payment method / financial service provider linked to the device 100. As illustrated by the operation 510, the first user 4- 10 has in this example selected their Mastercard™ to effect a financial transaction.
In the event that only one payment method / financial service provider is linked to the device 100, step 6-10 and operation 510 may be skipped.
At 6-15, and as illustrated by operation 520, the device 100 is operated to select a transaction method. The available transaction methods are dependent on the configuration and functionalities of one or more of the device 100, second user 4-
30 (who may be a vendor receiving payment, for example), and the financial service providers 4-60, but may for example include (though not limited to) a remote (card not present) transaction, a contact-based (e.g. card inserted/swiped) point-of-sale transaction, a contactless (e.g. Near Field Communication) point-of-sale transaction, a Visual Communication point-of-sale transaction, and/or a combination of such methods. In this example, the device 100 is operated to effect a Visual
Communication (VC) transaction.
At 6-20, and as illustrated by operation 530, the device 100 prompts the first user 4-10 for information necessary to effect a VC transaction. Such information may include, but is not limited to:
• Transaction amount
• Funding account / Other account number
• Security authorizations (e.g. PIN, one-time code, biometric input, CCV) At 6-25, the device 100 obtains (or generates) additional information for use in the generation of a one-time indicia. Such information may include, but is not limited to:
• Current timestamp
• Device identifier (e.g. serial number, other device identifier) • Seed
• Encoded inputted information (e.g. hash value of security authorization, other processed form of the information input at 6-20, etc.)
At 6-30, the device 100 generates an indicium using one or more of the information provided at 6-20 and 6-25.
At 6-35, the indicium generated at 6-30 is displayed on the display 1 -10. In the preferred embodiment, the generated indicium is displayed only for a limited, predetermined period of time, after which time the indicium is erased from the display and preferably also from any memory used in the generation and/or display of the one-time indicia (if not already erased). In at least this manner, the displayed indicium functions as a one-time indicium.
In some embodiments, the method 600 may include a step of validating the security authorization inputted at 6-20, for example by comparing the inputted security authorization with a corresponding (whether identical, or complementary) value stored in the device 100. In such embodiments, step 6-30 may only generate the indicium if the inputted security authorization is successfully validated.
Alternatively, in such embodiments, step 6-30 may always generate the indicium regardless of whether the inputted security authorization is successfully validated, but step 6-35 caused to display the generated indicium only if the inputted security authorization is successfully validated.
In other embodiments, the indicium may be generated and/or displayed regardless of whether the inputted security authorization is successfully validated, with validation occurring at a later step, as will be described in greater detail below.
At 6-40, the generated indicium is presented to the visual data imaging device
4-20.
At 6-45, the visual data imaging device 4-20 is operated by a second user 4- 30 to image the indicium presented thereto. In one embodiment, the visual data imaging device 4-20 is a smartphone with a built-in camera, and executing a software application configured to sense (i.e. image) and capture the indicium.
At 6-50, the imaged indicium is decoded and broken down to the transaction information used to generate the indicium at 6-30. The transaction information, and/or other information generated therefrom, is then used by the financial systems 4-60 to effect (or decline) a transaction from the first user 4-10 to the second user 4- 30.
Step 6-50 may be realized differently in different embodiments of the invention.
In one embodiment, at 6-50 the imaged indicium is decoded and broken down by the visual data imaging device 4-20, and the original transaction information used to generate the indicium at 6-30 is transmitted via the network 4-90 to an appropriate portal 4-50. The portal 4-50, upon receiving the original transaction information, processes the information to effect or decline the financial transaction.
In another embodiment, at 6-50 the imaged indicium is decoded and broken down by the visual data imaging device 4-20, and the original transaction information used to generate the indicium at 6-30 is transmitted via the network 4-90 to the system server 4-70. The system server 4-70 then processes the original information, and transmits the original transaction information, and/or other information generated from the processing of the original transaction information, to an appropriate portal 4- 50. The portal 4-50, upon receiving this information, processes the information to effect or decline the financial transaction.
In another embodiment, at 6-50 the imaged indicium is transmitted via the network 4-90 to the system server 4-70. The system server 4-70 decodes the indicium into the original transaction information, and transmits the original transaction information to an appropriate portal 4-50. The portal 4-50, upon receiving the original transaction information, processes the information to effect or decline the financial transaction.
Fig. 7 illustrates an exemplary indicium 700 according to the preferred embodiment.
As previously described, an indicium 700 of the preferred embodiment comprises 9 characters (2-10), each character made up of up to 14 segments (2-20). This allows for (214)9 (approximately 8.5 x 1037) unique indicia. To allow for visual- level error checking and error correction, the preferred embodiment utilizes a range of valid indicia that is a subset of the (214)9 available indicia. As used herein, visual error checking and error correction refers to error checking and correction performed at the visual level, for example at the time of the visual data imaging device 4-20 imaging the one-time indicia displayed by the display 1 -10. By utilizing a range of valid indicia that is a subset of the (214)9 available indicia, the generation of indicium that are visually similar to one another can be avoided, thereby allowing for the visual data imaging device 4-20 to detect and possibly correct erroneously imaged indicia.
In one application of the preferred embodiment, the range of valid indicia is limited to a subset of 1 x1037-1 indicia, with each indicium of the subset being chosen so as to have a predetermined minimum hamming distance from any other indicium in the subset. Accordingly, the range of valid indicia can represent a 36-digit decimal number 710.
The 36-digit number 710 is formed using, for example, inputs from 6-20 and 6- 25 and forms the transaction information from which the indicium 700 is then generated. The exemplary 36-digit number 710 illustrated in Fig. 7 is one that is suitable for use in effecting a financial transaction. It is to be understood, however, that the breakdown of the 36-digit number 710, the length of the number 710, and other characteristics may be modified to suit various needs.
The 36-digit number 710 comprises:
• A 4 digit checksum header 7-10; and
• A 32 digit payload 7-20.
The 32 digit payload 7-20 comprises 8 payload packets 7-30 of 4 digits each, as follows:
· Payload Packetl :
o Checksum
o Free/Unallocated Value
o Free/Unallocated Value
o Free/Unallocated Value
· Payload Packet 2:
o Checksum
o Free/Unallocated Value
o Free/Unallocated Value
o Free/Unallocated Value
· Payload Packet 3:
o Checksum
o Free/Unallocated Value
o Representative Account Number (1 of 9) o Representative Account Number (2 of 9)
• Payload Packet 4
o Checksum
o Representative Account Number (3 of 9)
o Representative Account Number (4 of 9)
o Representative Account Number (5 of 9)
• Payload Packet 5
o Checksum
o Representative Account Number (6 of 9)
o Representative Account Number (7 of 9)
o Representative Account Number (8 of 9)
Payload Packet 6
o Checksum
o Account Number (9 of 9)
o Representative PIN Number (1 of 8)
o Representative PIN Number (2 of 8)
• Payload Packet 7
o Checksum
o Representative PIN Number (3 of 8)
o Representative PIN Number (4 of 8)
o Representative PIN Number (5 of 8)
• Payload Packet 8
o Checksum
o Representati PIN Number (6 of 8)
o Representati PIN Number (7 of 8)
o Representati PIN Number (8 of 8)
As mentioned previously, the above breakdowns of the 36-digit number 710 and the payload packets 7-30 are exemplary, and different compositions are possible for different purposes. For example, indicium used only for authorization purposes may not require an Account Number, but may require instead a password, passcode, date of birth, and the like. Alternatively, other 36-digit numbers used for financial transactions may further include an amount to be transacted. In the preferred embodiment, the Representative Account Number and/or the Representative PIN Number making up the 36-digit number 710 are generated from the actual Account Number and PIN, rather than being the actual Account Number and PIN themselves. In the preferred embodiment, the Account Number is subject to digit-wise ADD and MOD10 functions with, for example, a current timestamp of a time-window (e.g. 30 s time window) to generate the Representative Account Number, and the PIN is subject to encoding using a seed-generated one-time passcode from the device 100. In this manner, even though the actual Account Number and PIN are static, unchanging values, the Representative Account Number and Representative PIN Number are ever changing.
An account having Account Number "123456789" would therefore for example have Representative Account Number "26157970" if the 36-digit number were generated at timestamp 1481232910 (rounded to 60 s).
Once the 36-digit number is generated, a corresponding indicium is determined, generated, and displayed on the display 1 -10. Determination and generation of the indicium from the 36-digit number may be effected by a variety of methods, including a lookup table and a function.
A legitimate/authorized receiver of the one-time indicium can decode the indicium to obtain the 36-digit number, for example using a corresponding reverse lookup table, reverse function, or other appropriate method complementing the method used to generate the one-time indicium. From the 36-digit number, and using the current timestamp, the legitimate/authorized receiver can determine the actual Account Number from the Representative Account Number. From the actual Account Number, the legitimate/authorized receiver can then determine the seed used to generate the one-time passcode that was used to encode the actual PIN, and thereby determine the actual PIN from the Representative PIN Number. With this information, the legitimate/authorized receiver can then decide whether to effect or decline a requested transaction.
By generating the Representative Account Number from the actual Account Number and a timestamp, a time limit by which to decode the actual Account Number from the Representative Account Number is implicitly placed on the receiver. In this manner, and together with the aforementioned limited time window during which an indicium is displayed on the display 1 -10 and subsequently erased therefrom, the indicium functions as a one-time indicium that is different each time it is generated.
Fig. 8 summarizes an exemplary visual data generation and decoding method 800 for generating and decoding an indicium.
At 8-10, inputs are obtained for generating a 36-digit number. For the purposes of description, the obtained inputs include a PIN and an Account Number obtained from the first user 4-10 via the device 100, a current timestamp obtained directly from the device 100, and a device seed number obtained directly from the device 100.
At 8-15, the Account Number may be subjected to an encoding process to obtain the Representative Account Number. For example, the Account Number may be subjected to a digit-wise ADD and MOD10 functions with the current timestamp to obtain the Representative Account Number. Other encoding functions may also be used.
At 8-20, the PIN is subject to an encoding and encryption process to obtain the Representative PIN number. For example, the PIN may be subject to an encryption function with the device seed number and a digit-wise ADD and MOD10 function with the current timestamp (in any order) to obtain the Representative PIN Number. Other encryption and encoding functions may also be used.
At 8-25, the Representative Account Number and Representative PIN Number are allocated to payload packets, and appropriate checksums generated for each payload packet.
At 8-30, the payload packets are put together to form the 32-digit payload.
At 8-35, a checksum is generated for the 32-digit payload, and the generated checksum and 32-digit payload put together to form the 36-digit number.
At 8-40, an indicium corresponding to the 36-digit number is determined and/or generated. For example, a lookup table may be referenced to determine the corresponding indicium. Alternatively, the 36-digit number may be subject to a function to generate the corresponding indicium. Other methods may also be used.
At 8-45, the generated indicium is displayed on the display 1 -10.
At 8-50, the displayed indicium is imaged by the imaging device 4-20. The imaging device 4-20 may perform visual-level error correction relying on the known hamming distance between valid indicia if necessary. At 8-55, the 36-digit number corresponding to the imaged indicium is determined, using for example, a reverse lookup table, reverse function, or other method complementary to the method used to generate the indicium at 8-40.
At 8-60, the 36-digit number is broken down to obtain the Representative Account Number and Representative PIN Number.
At 8-65, the Representative Account Number is decoded using a complementary decoding process to obtain the actual Account Number. For example, the Representative Account Number may be decoded using a digit-wise inverse ADD and MOD10 function with the current timestamp. If the decoding is performed with the appropriate decoding algorithm, and within a time period where the current timestamp is still valid, the actual Account Number will be obtained.
At 8-70, the actual Account Number is used to look up a corresponding device seed number. The corresponding device seed number is then used to decode the Representative PIN Number to obtain the actual PIN.
At 8-80, the actual PIN and actual Account Number are made available to effect or decline a requested transaction.
Step 8-55 may be performed by a backend server such as the system server 4-70. For example, the imaged indicium may be transmitted over the network 4-90 from the imaging device 4-20 to the system server 4-70, and the step of 8-55 then performed by the system server 4-70.
Step 8-60 may similarly be performed by a backend server such as the system server 4-70. For example, the 36-digit number derived from the imaged indicium may be transmitted over the network 4-90 from the imaging device 4-20 to the system server 4-70, or may already be available to the system sever 4-70 by way of step 8-55 having been performed by the system server 4-70. The system server 4-70 then performs steps 8-60.
Similarly, step 8-65 may also be performed by a backend server such as the system server 4-70. For example, the Representative Account Number and Representative PIN Number may be transmitted over the network 4-90 from the imaging device 4-20 to the system server 4-70, or may already be available to the system server 4-70 by way of step 8-60 having been performed by the system server 4-70.
Similarly, step 8-70 may also be performed by a backend server such as the system server 4-70. Specifically, the corresponding device seed number is stored in the backend server or other accessible to the backend server in correspondence with the Account Number.
Fig. 9 illustrates an exemplary method and operation 900 to authenticate various parties. For purposes of description, the method and operation 900 is described in relation to the first user 4-10 desiring to authenticate themselves with a 3rd party system in order to sign-up (e.g. set up an account) with the 3rd party system.
At 9-10 of the method and operation 900, the first user 4-10 is presented with an indicium (hereinafter referred to as a 3rd party indicium), for example via a webpage of the 3rd party system, that has been generated by the 3rd party system. The 3rd party indicium is generated using a unique ID (UID) specific to and identifying the 3rd party system and further using an encrypted authentication token, and preferably also a current timestamp so as to have a limited period of validity.
At 9-15, the first user 4-10 images the 3rd party indicium using a visual data imaging device 4-15. For example, the first user 4-10 uses their smartphone (as the visual data imaging device 4-15), while executing an appropriate application, to take a photo of the 3rd party indicium. The imaged 3rd party indicium is stored in the visual data imaging device 4-15.
At 9-20, the first user 4-10 operates the visual data generation and presentation device 100 to enter the device 100 into an operation mode configured to generate personal authentication information.
At 9-25, the device 100 prompts for and receives from the first user 4-10 a PIN (or other user authentication information). The PIN is then preferably encrypted by a seed and corresponding encryption function.
At 9-30, the device 100 generates a user indicium using a UID specific to and identifying the first user 4-10 and/or the device 100, and further using the encrypted PIN, and optionally a timestamp obtained from the device 100 or derived from the 3rd party indicium (if any).
At 9-35, the first user 4-10 images the user indicium using the visual data imaging device 4-15 and stores the imaged indicium in the visual data imaging device 4-15.
At this stage, the visual data imaging device 4-15 therefore has stored therein the 3rd party indicium and the user indicium.
At 9-40, the user indicium and the 3rd party indicium is transmitted to a system server 4-70, which then decodes the user indicium to obtain the user UID and encrypted PIN, and similarly decodes the 3rd party indicium to obtain the 3rd party UID and the encrypted authentication token.
Alternatively, the visual data imaging device 4-15 may decode the user indicium and the 3rd party indicium to obtain the user UID, encrypted PIN, 3rd party UID, and encrypted authentication token, and transmit same to the system server 4- 70.
At 9-45, the user UID is used to look up in the system server 4-70 a corresponding user account. The user account has stored, associated or otherwise corresponded therewith information including one or more of an encrypted PIN that has been encrypted using the same seed as was used in 9-25, a seed suitable for decrypting the encrypted PIN derived from the user indicium, a seed suitable for encrypting a PIN stored in the user account, and/or a PIN stored in the user account.
The user account also has stored therein a profile of the first user 4-10, comprising information useful for signing up the first user 4-10 with various types of accounts. The information stored in the profile includes, for example:
Name
Username
Account Number / UID
Addresses
· Phone numbers
Emails
Other contact details
Age
Occupation
· Gender
It is to be understood that the above examples of information are not limiting, and any other kind of information may be also stored in the user account, including images, audio recordings, biometric information, and other text-based, graphic- based, video-based, audio-based, and data-based information.
The system server 4-70 validates the identity of the first user 4-10 by comparing the encrypted PIN derived from the user indicium with the information stored in the user account. For example, the encrypted PIN derived from the user indicium may be compared with the encrypted PIN stored in the user account. Alternatively, the encrypted PIN derived from the user indicium may be decrypted using the seed stored in the user account, and the decrypted PIN compared with the PIN stored in the user account. Alternatively, the seed stored in the user account may be used to encrypt the PIN stored in the user account, and this encrypted PIN compared with the encrypted PIN derived from the user indicium. Other alternatives are possible.
At 9-50, the 3rd party UID is similarly used to look up in the system server 4- 70 a corresponding 3rd party account. The 3rd party account is similar to the user account described in 9-45. The identity of the 3rd party is confirmed in a similar manner to that described in 9-45 for the first user 4-10.
At 9-55, once both the identity of the 3rd party and the first user 4-10 have been confirmed, information from the profile of the first user 4-10 is provided to the 3rd party to set up an account for the first user 4-10 with the 3rd party.
According to the present invention, the transfer of information to effect a transaction is effected visually by generating an indicium and imaging the indicium. Effecting the transaction therefore requires only a device for generating the indicium (e.g. smartcard or smartphone) and a device for imaging the indicium (e.g. smartphone with camera). Special purpose devices such as magnetic stripe readers, NFC readers, chip readers, and the like are not required.
In not requiring such special purpose devices to effect a transaction, transactions at a peer-to-peer level, for example between two individuals, are more readily facilitated. Transactions can also be effected in a more mobile manner by not requiring such special purpose devices, and instead requiring only an imaging device such as the ubiquitous smartphone.
ADVANTAGES
The advantages of the present invention include the ability to perform transactions in a secure manner, without having to present (e.g. type, recite, write) codes (e.g. the indicium) in a manner that is prone to copying and error.
Additionally, the present invention allows for secure transactions to be conducted without the need for special equipment (e.g. NFC readers).
The time limited manner in which a code (e.g. indicium) is displayed and valid further increases the security of the present invention. VARIATIONS
It will of course be realised that while the foregoing has been given by way of illustrative example of this invention, all such and other modifications and variations thereto as would be apparent to persons skilled in the art are deemed to fall within the broad scope and ambit of this invention as is herein set forth.
Throughout the description and claims of this specification the word "comprise" and variations of that word such as "comprises" and "comprising", are not intended to exclude other additives, components, integers or steps.

Claims

1 . A visual data generation and presentation device comprising
a processor;
an input device; and
a display, wherein the input device is adapted to receive transaction information, the processor is configured to generate an indicium from the transaction information, and the display is adapted to display the generated indicium in a manner suitable for imaging.
2. A visual data generation and presentation device as claimed in claim 1 wherein comprises one or more of an account number, a PIN, and a transaction amount.
3. A visual data generation and presentation device as claimed in claim 1 or 2, wherein the processor is configured to generate the indicium using additional information; said additional information is selected from one or more of the following : a current timestamp, a seed, a random number generated from the seed, a device identifier, a PIN.
4. A visual data generation and presentation device as claimed in claim 1 wherein the device is a smartcard, a smartphone, a tablet, a laptop, an eReader, or a desktop computer.
5. A visual data generation and presentation device as claimed in claim 1 wherein the display is adapted to display up to 9 characters, which together make up the indicium.
6. A visual data generation and presentation device as claimed in claim 5 wherein each character is made up of up to 14 segments and the display is adapted to display at least (214)9 different indicia.
7. A visual data generation and presentation device as claimed in claim 6, wherein the range of valid indicia that can be generated is a subset of the (214)9 different indicia.
8. A visual data generation and presentation device as claimed in any one of the aforementioned claims, wherein the display is configured to display the generated indicium for a limited period of time, after which period of time the generated indicium is erased from the display and any memory used to facilitate its display and generation.
9. A visual transaction system comprising a visual data generation and presentation device operable to receive and/or obtain transaction information and generate therefrom an indicium; a visual data imaging device operable to image the indicium; and a portal providing network access to a transaction system, wherein the portal is adapted to receive the transaction information and/or indicium generated therefrom from the visual data imaging device and facilitate a transaction with the transaction system based thereon.
10. A visual transaction system as claimed in claim 9, wherein the visual data imaging device is configured to decode the indicium, obtain therefrom the transaction information, and transmit the transaction information to the portal.
1 1 . A visual transaction system as claimed in claim 9, wherein the visual transaction system further includes a system server, the system server adapted to receive the indicium from the visual data imaging device, and decode from the indicium the transaction information, and transmit the transaction information to the portal.
12. A visual transaction system as claimed in claim 9, wherein the visual data generation and presentation device comprises a processor, an input device, and a display, wherein the display is adapted to display the indicium, the input device is operable to input the transaction information, and the processor is configured to generate the indicium from the transaction information.
13. A visual transaction system as claimed in claim 9, wherein the display is adapted to display up to nine characters, each character comprising of up to 14 segments.
14. A visual transaction system as claimed in claim 9, wherein the portal provides network access to financial systems of a financial service provider selected from the group consisting of: a bank, a credit card company, an online payment system, and a digital currency exchange.
15. A method for generating an indicium using the visual data generation and presentation device as claimed in any one of claims 1 to 8, comprising receiving and/or obtaining a plurality of first information; encoding one or more of the first information to obtain second information; forming transaction information from at least some of the first information and second information; and generating an indicium from the transaction information.
16. A method as claimed in claim 15, wherein the plurality of first information comprises two or more of a PIN, an account number, a timestamp, and a seed; the second information comprises a representative account number generated from a function of the account number and the timestamp, the second information comprises a representative PIN generated from a function of the PIN and the seed.
17. A method as claimed in claim 15, wherein the transaction information is a string of digits.
18. A method as claimed in claim 15, wherein the method further comprises forming a plurality of payload packets from the transaction information, forming a number from the payload packets, and generating the indicium from the number.
19. A method as claimed in claim 18, wherein each payload packet includes a check digit.
20. A method as claimed in claims 18 or 19, wherein the number formed from the payload packets is a 36-digit number, the 36-digit number includes a 4 digit checksum and a 32 digit payload, the 32 digit payload comprised of the plurality of payload packets.
21 . A method for effecting a financial transaction using the visual data generation and presentation device as claimed in any one of claims 1 to 8, comprising receiving first information necessary to effect the financial transaction; obtaining and/or generating second information to facilitate the financial transaction, generating an indicium using the first and second information; displaying the generating indicium; imaging the indicium; decoding the imaged indicium to obtain the first and second information; and using one or more of the first and second information to effect the financial transaction.
22. A method as claimed in claim 21 , wherein the first information comprises one or more of a transaction amount, a function account, and a security authorization, the second information comprises one or more of a time stamp, device identifier, seed, and encoded first information.
23. A method as claimed in claim 21 or 22, wherein the indicium is displayed on the display for a limited window of time, after which window the indicium is erased from the display and from any memory used in the generation and/or display of the indicium.
24. A method as claimed in claim 21 or 22, wherein the method further comprises validating a security authorization included in the first information.
25. A method as claimed in claim 24, wherein the indicium is generated and/or displayed only if the security authorization is successfully validated.
26. A method as claimed in claim 24, wherein the indicium is generated and/or displayed regardless of whether the security authorization is successfully validated.
PCT/AU2018/050124 2017-02-17 2018-02-15 Device, system, and method for visual transfer of information WO2018148800A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2017900515A AU2017900515A0 (en) 2017-02-17 Device, system, and method for visual transfer of information
AU2017900515 2017-02-17

Publications (1)

Publication Number Publication Date
WO2018148800A1 true WO2018148800A1 (en) 2018-08-23

Family

ID=63169111

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2018/050124 WO2018148800A1 (en) 2017-02-17 2018-02-15 Device, system, and method for visual transfer of information

Country Status (1)

Country Link
WO (1) WO2018148800A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110231270A1 (en) * 2010-03-17 2011-09-22 Verifone, Inc. Payment systems and methodologies
US20140129428A1 (en) * 2012-11-05 2014-05-08 Mfoundry, Inc. Qr code-enabled p2p payment systems and methods
US8931703B1 (en) * 2009-03-16 2015-01-13 Dynamics Inc. Payment cards and devices for displaying barcodes
US20160042263A1 (en) * 2014-08-11 2016-02-11 Ajit Gaddam Mobile device with scannable image including dynamic data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8931703B1 (en) * 2009-03-16 2015-01-13 Dynamics Inc. Payment cards and devices for displaying barcodes
US20110231270A1 (en) * 2010-03-17 2011-09-22 Verifone, Inc. Payment systems and methodologies
US20140129428A1 (en) * 2012-11-05 2014-05-08 Mfoundry, Inc. Qr code-enabled p2p payment systems and methods
US20160042263A1 (en) * 2014-08-11 2016-02-11 Ajit Gaddam Mobile device with scannable image including dynamic data

Similar Documents

Publication Publication Date Title
US11736296B2 (en) Biometric verification process using certification token
EP3632034B1 (en) Methods and systems for ownership verification using blockchain
CN103679457B (en) Method of payment, the paying server and payment system for performing the method for payment
CN107077670B (en) Method and apparatus for transmitting and processing transaction messages, computer readable storage medium
CA2945703C (en) Systems, apparatus and methods for improved authentication
CN105590199B (en) A payment method and payment system based on dynamic two-dimensional code
US7571461B2 (en) Personal website for electronic commerce on a smart Java card with multiple security check points
KR101150241B1 (en) Method and system for authorizing a transaction using a dynamic authorization code
US20070278291A1 (en) Methods and Systems for Two-Factor Authentication Using Contactless Chip Cards or Devices and Mobile Devices or Dedicated Personal Readers
US12293367B2 (en) Systems and methods for facilitating biometric tokenless authentication for services
US20150227931A1 (en) System and method for authorizing a transaction
CN111742314B (en) Biometric sensor on portable device
JP2019527950A (en) Communication device, point-of-sale terminal, payment device, and method
US10503936B2 (en) Systems and methods for utilizing magnetic fingerprints obtained using magnetic stripe card readers to derive transaction tokens
US9973926B2 (en) Secure multi-channel communication system and method
CN112352237A (en) System and method for authentication code entry
AU2014307582B2 (en) System and method for generating payment credentials
WO2018148800A1 (en) Device, system, and method for visual transfer of information
EP2862117B1 (en) Method and system for authenticating messages
WO2014003684A1 (en) Terminal and method of authentication
John METHOD AND SYSTEM FOR SECURE CREDENTIAL GENERATION
Gabhane et al. Generation Of Two Level QR Code For Banking Systems

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18753656

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18753656

Country of ref document: EP

Kind code of ref document: A1