Method and apparatus for managing credentials through a wireless network
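Country / type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): G06F-015/16; G06Q-020/00
Application number: US-0040847 (2005-01-21)
Registration number: US-8700729 (2014-04-15)
Inventor / address: Dua, Robin
Applicant / address: Dua, Robin
Agent / address: Stanzione & Kim, LLP
Citation information: cited by 103; patents cited: 20
Abstract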
A novel system and methodology for conducting financial and other transactions using a wireless device. Credentials may be selectively issued by issuers such as credit card companies, banks, and merchants to consumers permitting the specific consumer to conduct a transaction according to the authorization given as reflected by the credential or set of credentials. The preferred mechanism for controlling and distributing credentials according to the present invention is through one or more publicly accessible networks such as the Internet wherein the system design and operating characteristics are in conformance with the standards and other specific requirements of the chosen network or set of networks. Credentials are ultimately supplied to a handheld device such as a mobile telephone via a wireless network. The user holding the credential may then use the handheld device to conduct the authorized transaction or set of transactions via, for example, a short range wireless link with a point-of-sale terminal.
Representative claims
1. A method of issuing a credential to a wireless device and providing the issued credential from the wireless device to a reader device, the method comprising: receiving a request for the issuance of the credential with a credential issuing server, the request including an E.164 phone number associated with the wireless device; accepting a routable address associated with the request, the routable address being resolvable in a data network from the E.164 phone number of the wireless device at which to transmit the credential; accepting data defining the credential; issuing the credential as defined by the data to the wireless device through a secure transmission path comprising the data network and a wireless link; mapping a reader key to the issued credential, wherein the reader key is received from an issuer of the issued credential; and receiving the issued credential via radio frequency (RF) at the reader device in response to the reader device transmitting the reader key to the wireless device via RF so as to select the associated credential.

2. The method of claim 1, wherein the issuing of the credential to the wireless device comprises: resolving a Uniform Resource Identifier (URI) as the routable address of the wallet application associated with the request.

3. The method of claim 2, wherein the resolving of the URI of the wallet application comprises: retrieving the URI associated with a standardized services field contained in an ENUM Naming Authority Pointer (NAPTR) record for the E.164 phone number for the wireless device.

4. The method of claim 3, further comprising: adding the NAPTR record corresponding to the wallet application to the ENUM database when the wallet application is first activated on the wireless device.

5. The method of claim 3, further comprising: deleting the NAPTR record corresponding to the wallet application from the ENUM database when the wallet application is deleted from said the wireless device.

6. The method of claim 1, further comprising: assigning a unique Uniform Resource Identifier (URI) to a wallet application operating on the wireless device; accepting the URI of the wallet application as the routable address associated with the wireless device.

7. The method of claim 1, further comprising: assigning a unique Internet-routable address as the routable address to a wallet application on the wireless device; issuing the credential to the unique Internet-routable address on the wireless device over the data network and the wireless link.

8. The method of claim 7, wherein the issuing of the credential further comprises: transmitting the credential to the Internet-routable address in an Internet application layer communication session.

9. The method of claim 8, further comprising; registering the wallet application upon activation thereof with a multimedia communication session registrar server.

10. The method of claim 1, further comprising: modifying the issued credential contained within the wireless device through the secure transmission path.

11. The method of claim 1, further comprising: canceling the credential contained within the wireless device through the secure transmission path.

12. The method of claim 1, wherein the issuing of the credential further comprises: issuing the credential from an issuer of any of a credit card account, a debit card account, an automated teller machine account, a bank account, a stored value account, a membership card, a loyalty card, a security access card, an identification card, a driver's license, a ticket, and a coupon.

13. The method of claim 1, further comprising: conducting an electronic funds transfer from a first account to a second account with the issued credential.

14. The method of claim 1, further comprising: determining whether a wallet application is available on the wireless device prior to the issuing of the credential.

15. The method of claim 1, further comprising: notifying a user of the wireless device that connectivity with a system authorized to issue the credential has been established for the purpose of issuing the credential; and issuing the credential only upon a command by the user to continue with the issuing subsequent to the notifying of the connectivity.

16. The method of claim 1, further comprising: notifying a user via the wireless device that the credential has been received.

17. A system to transmit a credential from an issuer to a wireless device, and from the wireless device to a reader device, the system comprising: a wallet application running on the wireless device; a network comprising a non-wireless network portion and a wireless network portion over which to transmit the credential to the wireless device; an address resolution apparatus to obtain an address on the network of the wallet application from a unique E.164 phone number assigned to the wireless device on the wireless portion of the network; a credential issuing server to receive a request for the issuance of a credential, the request including the unique E.164 phone number associated with the wireless device; a wireless credential manager in a secure communication with the wallet application to securely transmit the credential from the issuer to the wireless device through the network under cooperative control of the wireless credential manager and the wallet application in response to an authorized request for the credential, the wireless credential manager to receive the issued credential and a corresponding reader key from the issuer, and the wallet application of the device to map the reader key to the issued credential; and a reader device to receive the credential via radio frequency (RF) in response to the reader device transmitting the reader key to the wireless device via RF so as to select the associated credential.

18. The system of claim 17, wherein the non-wireless portion of the network is a public data network.

19. The system of claim 17, wherein the non-wireless portion of the network is the Internet.

20. The system of claim 17, wherein the non-wireless portion of the network is a private data network.

21. The system of claim 17, further comprising: a transmission channel over which the credential is communicated to the wireless device under an application layer communication protocol.

22. The system of claim 21, wherein the credential is encrypted prior to traversing the transmission channel.

23. The system of claim 17, wherein the wireless credential manager communicates with the wallet application to modify the credential.

24. The system of claim 17, wherein the wireless credential manager communicates with the wallet application to revoke the credential.

25. The system of claim 17, wherein the wallet application conveys data indicative of the credential to conduct an electronic funds transfer from a first account to a second account or to conduct a transaction using an associated credit card account, a debit card account, an automated teller machine account, a bank account, a stored value account, a membership card, a loyalty card, a security access card, an identification card, a driver's license, a ticket, and a coupon.

26. The system of claim 17, wherein the wallet application notifies a user through the wireless device that the credential has been received.

27. The system of claim 17, wherein the wireless credential manager is notified when the wireless device moves from an unavailable location to an available location.

28. The system of claim 17, wherein the wireless credential manager determines the presence of the wallet application on the wireless device prior to transmitting the credential.

29. The system of claim 17, wherein the wireless device further comprises a resolver for facilitating transactions between the wireless device and another wireless device.

30. The system of claim 17, wherein the wallet application further comprises: an interface to manage profiles containing a plurality of credentials.

31. The system of claim 17, further comprising: an issuer account management system to receive the credential information obtained by the RF reader and transmitted through a first network path and, in response to the transmission, to transmit an identity request to the wireless device through a second network path distinct from the first network path.

32. The system of claim 17, further comprising: an issuer account management system to receive the credential information obtained by the RF reader through a first network path, and, in response to the transmission, to transmit a credential preference request to the wireless device through a second network path distinct from the first network path.

33. A wireless device comprising: a user interface to accept input from a user and to display information to the user; a wallet application to send a request for the issuance of a credential, the request including a unique E.164 phone number associated with the wireless device and to selectively receive at least one credential transmitted to the wireless device from a credential issuer via a network comprising both wireless and non-wireless portions, wherein: the wireless device comprises at least one of an integrated near field (NFC) communications technology interface and a radio frequency identification (RFID) interface to communicate with an external reader device; the wireless device further comprises a wallet application operating thereon; the wireless device further comprises a secure memory module to store the credential; the user interface comprises at least one wallet button mapped to at least one credential contained in the wireless device to control the wallet application and a user control to selectively transmit one or more credentials to the external reader device only upon activation thereof; and the secure memory to include a reader key associated with the issued credential, the reader key received from the issuer card management system with the issued credential; the external reader device transmits the reader key to the wireless device to select the associated credential from the credential database during the transaction; and the wireless device receives the reader key from the external reader device to select the associated credential from the memory.

34. The wireless device of claim 33, wherein the at least one wallet button, when pressed, launches execution of the wallet application on the wireless device.

35. A method of issuing a credential to a wireless device over a data network, the issued credential to be transmitted from the wireless device to a reader device, the method comprising: receiving at a credential issuing server a request for the issuance of a credential, the request including a unique E.164 telephone number associated with the wireless device; accepting data defining an issued credential upon approval of the request; sending to a domain name system (DNS) server an E.164 number mapping (ENUM) query on the unique E.164 telephone number; receiving one or more Naming Authority Pointer (NAPTR) records in response to the ENUM query; locating an NAPTR record associated with a mobile wallet Enumservice on the wireless device; retrieving a uniform resource identifier (URI) from the NAPTR record associated with the mobile wallet Enumservice; translating a domain name in corresponding fields of the retrieved URI to an Internet Protocol (IP) address using a DNS resolver; establishing a communications session between the credential issuing server and the wireless device using the IP address; providing the issued credential to the wireless device in the communications session through a secure transmission path comprising the data network and a wireless link; and providing the wireless device associated with the unique E.164 telephone number and incorporating a memory storage medium, with the wallet application and the issued credential for storage therein; mapping a reader key to the issued credential, wherein the reader key is received from an issuer with the issued credential; and receiving the issued credential via radio frequency (RF) with a reader device in response to the reader device transmitting the reader key to the wireless device via RF so as to select the associated credential.

36. The method of claim 35, further comprising: providing the wireless device with at least one of an integrated Near Field Communications (NFC) technology interface and a Radio Frequency Identification (RFID) technology interface to communicate with the reader device.

37. The method of claim 36, further comprising: providing the wireless device with a user control to activate the wallet application and to control transmission of the credential to the reader device via the NFC interface or the RFID interface to the reader device.

38. The method of claim 35, further comprising: establishing the communications session as a Session Initiation Protocol (SIP) session.

39. The method of claim 38, further comprising: establishing the SIP session as a secure SIP session.

40. The method of claim 35, further comprising: modifying the issued credential while stored within the wireless device.

41. The method of claim 35, further comprising: cancelling the issued credential stored within the wireless device.

42. The method of claim 35, wherein the method further comprises: upon a positive determination that the NAPTR record of the mobile wallet Enumservice cannot be located: confirming that a wallet application should be downloaded to the wireless device; downloading the wallet application to the wireless device upon the confirmation; and updating the NAPTR records associated with the E.164 telephone number associated with the wireless device with a new NAPTR record associated with the mobile wallet Enumservice and a corresponding URI of the downloaded wallet application.

43. The method of claim 42, wherein the receiving of the request for the issuance of a credential and the accepting of the data defining the issued credential further comprises: sending to the wallet application operating on the wireless device an authentication query originated by an issuer card management system via the credential issuing server; receiving at the issuer card management system via the credential issuing server valid authentication data input at the wireless device in response to the authentication query; and accepting at the credential issuing server the data defining the issued credential from the issuer card management system.

44. The method of claim 36, wherein the credential is associated with one of a credit card account, debit card account, ATM card account, bank account, stored value account, membership card, loyalty card, security access card, identification card, driver's license, ticket, coupon, electronic currency and authentication requests.

45. The method of claim 35, further comprising: providing a credential issuing server for issuing the credential to the wireless device over the data network; receiving at the credential issuing server the request for issuing the credential from an issuer card management system; accepting at the credential issuing server the E.164 telephone number associated with the wireless device; accepting at the credential issuing server the data defining the issued credential; routing at the credential issuing server an authentication query between the issuer card management system and a wallet application operating on the wireless device; translating at the credential issuing server the E.164 telephone number associated with the wireless device into a URI specific to the wallet application operating on the wireless device by querying a DNS server; and establishing at the credential issuing server the communications session with the wireless device to transmit the issued credential to the wireless device.

46. The method of claim 45, wherein the retrieving of the URI from the NAPTR record associated with the mobile wallet Enumservice further comprises: retrieving the URI specific to the wallet application by detecting a service field of the NAPTR containing the Enumservice of the wallet application.

47. The method of claim 45, further comprising: adding the NAPTR record corresponding to the wallet application operating on the wireless device to the DNS server when the wallet application is first activated on the wireless device.

48. The method of claim 45, further comprising: deleting the NAPTR record corresponding to the wallet application operating on the wireless device from the DNS server when the wallet application is deleted from the wireless device.

49. The method of claim 45, further comprising: routing at the credential issuing server a SIP REGISTER request from the wallet application operating on the wireless device to a SIP registrar such that the URI of the wallet application and the IP address of the wireless device is associated together in a database of the SIP registrar.

50. A system to conduct a transaction with a credential issued by a credential issuer over a communications network, the system comprising: a wireless device on a wireless subnetwork of the communications network; an issuer card management system associated with the credential issuer to issue the credential upon approval of the issuance thereof in response to a request therefor; a credential database on the wireless device in which to store the issued credential; a credential manager in secure communication with the issuer card management system through the communications network and with the wireless device through the wireless subnetwork, the credential manager to establish a secure communication channel with the wireless device and to transmit the issued credential to the wireless device via the secure communication channel; a resolver to determine the address on the communication channel from an E.164 phone number assigned to the wireless device; a transaction terminal at which to conduct the transaction with the wireless device using the issued credential stored in the credential database; a wallet application to execute on the wireless device so as to control access to the credential database, the wallet application having assigned thereto an address on the secure communication channel; and a credential reader at the transaction terminal to receive the issued credential in a peer-to-peer communication session with the wallet application, wherein the peer-to-peer communication session occurs through a near-proximity interface that is one of a Near Field Communication interface and a Radio Frequency Identification interface, and wherein the credential database includes a reader key associated with the issued credential, the reader key received from the issuer card management system with the issued credential, and wherein the credential reader transmits the reader key to the wireless device to select the associated credential from the credential database during the transaction.

51. The system of claim 50, wherein the credential database is accessible through the address on the secure communication channel associated with the wireless device.

52. The system of claim 50, wherein the resolver determines a packet-routable address as the address on the secure communication channel from a circuit-switchable address as the address assigned to the wireless device.

53. The system of claim 52, wherein the packet-routable address is compliant with a communications protocol compatible with the Internet and the circuit-switchable address is compliant with a communications protocol compatible with the Public Switched Telephone Network.

54. The system of claim 50, wherein the packet-routable address is obtained from a Uniform Resource Identifier in a Naming Authority Pointer record received in response to an E.164 Number Mapping query.

55. The system of claim 50, wherein the credential manager accesses the credential database through a process-to-process communication session with the wallet application through the communication channel.

56. The system of claim 55, further comprising: an intermediary server to mediate the process-to-process communication session between the wallet application and the credential manager through an association of an identifier of the wallet application with the address on the communication channel.

57. The system of claim 56, further comprising: a location server in communication with the intermediary server to store a registry containing the association of the identifier of the wallet application and the address on the communication channel.

58. The system of claim 57, wherein the association in the registry is created upon a command to the intermediary server from the wallet application.

59. The system of claim 57, wherein the association in the registry is dissolved upon deletion of the wallet application from the wireless device.

60. The system of claim 57, wherein the credential manager transmits the issued credential to the wireless device only upon a positive determination by the location server that the address on the communication channel is reachable.

61. The system of claim 57, wherein the intermediary server, upon an indication from the location server and subsequent to a period in which the address on the communication channel is unreachable, notifies the credential manager when the address on the communication channel is reachable.

62. The system of claim 55, wherein the process-to-process communication session occurs on an application layer of a predetermined communication architecture and is initiated by a signaling protocol compliant with the predetermined communication architecture.

63. The system of claim 62, wherein the predetermined communication architecture is compatible with the Internet and the signaling protocol is compatible with the Session Initiation Protocol.

64. The system of claim 50, further comprising: a user interface on the wireless device to select the issued credential from the credential database through the wallet application.

65. The system of claim 64, further comprising: a user control on the user interface to activate the wallet application.

66. The system of claim 64, further comprising: a user control on the user interface to transmit the issued credential exclusively upon activation thereof.

67. The system of claim 50, wherein the credential database includes a reader key associated with the issued credential, the reader key received from the issuer card management system with the issued credential.

68. The system of claim 50, further comprising: an issuer credential management system on the communication network to authorize completion of the transaction through a request for authorization action and a validation action; a first transmission path in the communication network over which one of the request for authorization action and the validation action is performed; and a second transmission path in the communication network distinct from the first transmission path over which the other one of the request for authorization action and the validation action is performed.

69. The system of claim 68, wherein: the first transmission path includes the transaction terminal and the issuer credential management system over which the request for authorization action is performed; and the second transmission path includes the wireless device, the credential manager and the issuer credential management system over which the validation action is performed.

70. A method for conducting a transaction with a credential issued by a credential issuer over a communications network, the method comprising: approving a request for issuance of the credential by the credential issuer to a wireless device associated with the request; receiving the issued credential at a credential manager through the communications network; establishing a secure communication channel between the credential manager and the wireless device; resolving an address on the secure communication channel through which to access a credential database from an E.164 phone number assigned to the wireless device and assigning the address on the secure communication channel to a wallet application on the wireless device; transmitting the issued credential to the wireless device via the secure communication channel; storing the issued credential in a credential database on the wireless device; conducting the transaction with the wireless device using the issued credential stored in the credential database; executing the wallet application on the wireless device and controlling thereby access to the credential database; establishing a peer-to-peer communication session between the wallet application and a credential reader during the transaction through a near-proximity interface that is one of a Near Field Communication interface and a Radio Frequency Identification interface; receiving the issued credential at the credential reader through the peer-to-peer communication session, providing a reader key associated with the issued credential in the credential database, the reader key received from the issuer card management system with the issued credential; and transmitting the reader key to the wireless device to select the associated credential from the credential database during the transaction.

71. The method of claim 70, wherein the determining of the packet-routable address includes: querying an E.164 Number Mapping service for a Naming Authority Pointer record associated with an E.164 phone number assigned to the wireless device; and obtaining the packet-switchable address from a Uniform Resource Identifier received in the Naming Authority Pointer record.

72. The method of claim 70, further comprising: providing to the credential manager access to the credential database through a process-to-process communication session with the wallet application through the communication channel.

73. The method of claim 72, wherein the assigning of the address on the communication channel includes: determining a domain identifier of the wallet application; associating the domain identifier with the address on the communication channel; and storing the association in a registry accessible through the communications network.

74. The method of claim 73, wherein the associating of the identifier includes: transmitting the association to the registry upon a command from the wallet application.

75. The method of claim 73, further comprising: dissolving the association in the registry upon deletion of the wallet application from the wireless device.

76. The method of claim 70, wherein the issuing of the credential to the wireless device includes: determining whether the address on the secure communication channel is reachable by the credential manager; transmitting the issued credential to the wireless device only upon a positive determination that the address on the communication channel is reachable.

77. The method of claim 76, wherein the determining of the reachability of the address on the communication channel includes: awaiting at the credential manager, subsequent to a period in which the address on the communication channel is unreachable, notification from a location service that the address on the communication channel is reachable.

78. The method of claim 70, wherein the establishing of the peer-to-peer communication session includes: generating a near-proximity magnetic field between the wireless device and the credential reader; and establishing the peer-to-peer communication session through the generated magnetic field.

79. The method of claim 78, wherein the receiving of the issued credential includes: receiving the issued credential through inductive coupling in the magnetic field between the wireless device and the credential reader.

80. The method of claim 70, further comprising: selecting the issued credential from the credential database through a user interface on the wireless device.

81. The method of claim 80, further comprising: transmitting the issued credential from the wireless device exclusively upon activation of a user control on the user interface.

82. The method of claim 70, further comprising: receiving a reader key associated with the issued credential at the wireless device; and storing the associated issued credential and the reader key in the credential database.

83. The method of claim 82, wherein the receiving of the issued credential at the credential reader includes: transmitting the reader key from the credential reader to the wireless device; selecting the issued credential associated with the transmitted reader key from the credential database; and transmitting the selected credential from the wireless device to the reader.
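The ENUM resolution recited in claims 3, 35 and 46 (E.164 number to NAPTR record to wallet URI), as an added example that is not part of the patent record or the inventor's implementation. The Enumservice label `x-wallet`, the `sips:`-only scheme filter, the sample records and all function names are assumptions; the number-to-domain mapping and the NAPTR regexp field layout follow RFC 6116.

```python
"""ENUM lookup: E.164 number -> e164.arpa name -> NAPTR -> wallet URI."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

ENUM_APEX = "e164.arpa"
WALLET_ENUMSERVICE = "x-wallet"   # hypothetical label; the page names none
ALLOWED_SCHEMES = ("sips:",)      # assumption: accept only secure SIP (claim 39)


@dataclass(frozen=True)
class Naptr:
    order: int
    preference: int
    flags: str
    service: str   # e.g. "E2U+sip"
    regexp: str    # e.g. "!^.*$!sip:user@example.net!"


def e164_to_enum_domain(number: str) -> str:
    """'+15551230100' -> '0.0.1.0.3.2.1.5.5.5.1.e164.arpa' (RFC 6116)."""
    if not re.fullmatch(r"\+[1-9]\d{1,14}", number):
        raise ValueError(f"not an E.164 number: {number!r}")
    return ".".join(reversed(number[1:])) + "." + ENUM_APEX


def enumservices(service: str) -> Set[str]:
    """Split a NAPTR service field 'E2U+a+b' into {'a', 'b'}."""
    parts = service.lower().split("+")
    return set(parts[1:]) if parts[0] == "e2u" else set()


def apply_regexp(regexp: str, number: str) -> Optional[str]:
    """Apply a NAPTR '<delim>ere<delim>repl<delim>flags' rule to the number.

    Python's re is used as an approximation of POSIX ERE. Malformed rules
    and non-matching rules yield None instead of a partial URI.
    """
    fields = regexp.split(regexp[0]) if regexp else []
    if len(fields) != 4:
        return None
    pattern, template, flags = fields[1], fields[2], fields[3]
    try:
        match = re.search(pattern, number, re.IGNORECASE if "i" in flags else 0)
        if match is None:
            return None
        # Expand \1..\9 back-references from the matched groups.
        return re.sub(r"\\([1-9])",
                      lambda ref: match.group(int(ref.group(1))) or "",
                      template)
    except (re.error, IndexError):
        return None


def resolve_wallet_uri(number: str, records: List[Naptr]) -> Optional[str]:
    """Pick the wallet URI from NAPTR answers, or None if no usable record.

    None corresponds to the case in claim 42 where the wallet NAPTR record
    cannot be located.
    """
    e164_to_enum_domain(number)  # validates; this is the name a query would use
    candidates = [r for r in records
                  if r.flags.lower() == "u"
                  and WALLET_ENUMSERVICE in enumservices(r.service)]
    for rec in sorted(candidates, key=lambda r: (r.order, r.preference)):
        uri = apply_regexp(rec.regexp, number)
        # Reject URIs whose scheme is not on the allow-list, even when the
        # record sorts first: DNS data alone should not pick the transport.
        if uri and uri.lower().startswith(ALLOWED_SCHEMES):
            return uri
    return None


# Constructed NAPTR answers for a constructed number (not from the page).
SAMPLE_NUMBER = "+15551230100"
SAMPLE_RECORDS = [
    Naptr(100, 10, "u", "E2U+sip", "!^.*$!sip:user@example.net!"),
    Naptr(100, 5, "u", "E2U+x-wallet", "!^.*$!http://wallet.example.net/!"),
    Naptr(100, 20, "u", "E2U+x-wallet",
          r"!^\+(\d+)$!sips:wallet-\1@wallet.example.net!"),
]

if __name__ == "__main__":
    print(e164_to_enum_domain(SAMPLE_NUMBER))
    print(resolve_wallet_uri(SAMPLE_NUMBER, SAMPLE_RECORDS))
```

ENUM answers arrive over DNS, so the scheme filter is not a substitute for validating the response (for example with DNSSEC) and authenticating the wallet endpoint inside the session.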
Patents cited by this patent (20)
Drummond, Jay Paul; Smith, Mark D., Automated banking machine system and method.
Chatterjee Arun K. ; Daly Brian Kevin ; Holmes David William James ; Leuca Ileana A., System and method for automatic registration notification for over-the-air activation.
Lee, Jun-Yih; Chang, Sung-Yao; Wang, Ching-Feng, System and method for secure trading mechanism combining wireless communication and wired communication.
Buros, Karen Lynn; Dobbs, Bryan Douglas; Robinson, Ann Mizell; Knaus, Robert James, System and method for suspending and resuming digital certificates in a certificate-based user authentication application system.
Williams Humphrey ; Hughes Kevin ; Parmar Bipinkumar G., System, method and article of manufacture for network electronic payment instrument and certification of payment and credit collection utilizing a payment.
Raleigh, Gregory G.; Green, Jeffrey; Lavine, James; Nguyen, Vien-Phuong, Attribution of mobile device data traffic to end-user application based on socket flows.
Raleigh, Gregory G.; Lavine, James; Green, Jeffrey, End user device that secures an association of application to service policy with an application certificate check.
Raleigh, Gregory G.; Tellado, Jose; Green, Jeffrey; Lavine, James; Carter, III, Russell Bertrand, Enhanced curfew and protection associated with a device group.
Raleigh, Gregory G.; Tellado, Jose; Green, Jeffrey; Lavine, James; Carter, III, Russell Bertrand; James, Justin; Nguyen, Laurent An Minh, Method for child wireless device activation to subscriber account of a master wireless device.
Raleigh, Gregory G.; Tellado, Jose; Green, Jeffrey; Lavine, James; James, Justin; Nguyen, Laurent An Minh; Carter, III, Russell Bertrand, Service plan design, user interfaces, application programming interfaces, and device management.
Petralia, Kathryn; Frohwein, Robert J.; Papageorgiou, Chuck Kyriacos, System and method for providing financial instruments to customers of a service provider.
Brudnicki, David; Craft, Michael K; Reisgies, Hans; Weinstein, Andrew, System and method for providing secure data communication functionality to a variety of applications on a portable communication device.
Oberheide, Jon; Abduljaber, Omar; Zhu, Boyang, System and method of notifying mobile devices to complete transactions after additional agent verification.
Raleigh, Gregory G.; Lavine, James; Raissinia, Alireza, Wireless device applying different background data traffic policies to different device applications.
Raleigh, Gregory G.; Lavine, James; Raissinia, Alireza, Wireless end-user device with differential traffic control policy list applicable to one of several wireless modems.
Raleigh, Gregory G.; Lavine, James; Raissinia, Alireza, Wireless end-user device with network traffic API to indicate unavailability of roaming wireless connection to background applications.
Raleigh, Gregory G.; Lavine, James; Raissinia, Alireza, Wireless end-user device with wireless modem power state control policy for background applications.