WO2017012086A1 - Gestion de données basée sur un élément sécurisé - Google Patents

Gestion de données basée sur un élément sécurisé Download PDF

Info

Publication number
WO2017012086A1
WO2017012086A1 PCT/CN2015/084761 CN2015084761W WO2017012086A1 WO 2017012086 A1 WO2017012086 A1 WO 2017012086A1 CN 2015084761 W CN2015084761 W CN 2015084761W WO 2017012086 A1 WO2017012086 A1 WO 2017012086A1
Authority
WO
WIPO (PCT)
Prior art keywords
pin
service
data
external device
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2015/084761
Other languages
English (en)
Inventor
Jianhui Li
Yuntao SUN
Jianliang LIU
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Development Co LP
Original Assignee
Hewlett Packard Development Co LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hewlett Packard Development Co LP filed Critical Hewlett Packard Development Co LP
Priority to PCT/CN2015/084761 priority Critical patent/WO2017012086A1/fr
Publication of WO2017012086A1 publication Critical patent/WO2017012086A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • G06Q30/0207Discounts or incentives, e.g. coupons or rebates

Definitions

  • FIG. 1 illustrates a diagram of a data structure of a data manager in a form of Secure Element in accordance with various examples of the present disclosure.
  • FIG. 2 illustrates a schematic diagram of communication between the data manager and external devices in accordance with various examples of the present disclosure.
  • FIG. 3A illustrates a protocol diagram of communication in terms of services with high security demand between the data manager and external devices in accordance with various examples of the present disclosure.
  • FIG. 3B illustrates a protocol diagram of communication in terms of services with low security demand between the data manager and external devices in accordance with various examples of the present disclosure.
  • FIG. 4 illustrates a flowchart of a method for Secure Element based data management in accordance with various examples of the present disclosure.
  • FIG. 5 illustrates a flowchart of another method for Secure Element based data management in accordance with various examples of the present disclosure.
  • FIG. 6 illustrates a block diagram of a Secure Element based data management system in accordance with various examples of the present disclosure.
  • FIG. 7 illustrates a diagram of a computer system for implementing various examples of the present disclosure.
  • a typical technique employs Quick Response (QR) codes in combination with online IDs, requiring multiple applications and presenting a high error rate and a slow response.
  • QR Quick Response
  • Another typical technique utilizes NFC plus logic encryption cards, but needs a physical card and a fixed data structure.
  • the present disclosure provides a method and system for a highly secure and flexible all-in-one card for shops of the retail industry.
  • a java card application is installed into an embedded Secure Element (SE) of the device, which in one example may be a mobile device, e.g., a mobile phone.
  • SE embedded Secure Element
  • the Secure Element may accommodate different types of loyalty cards, electronic tickets (e-tickets) or electronic coupons (e-coupons) , etc. Therefore, data from all of the shops may be stored and managed together at the Secure Element.
  • FIG. 1 a data structure of a data manager 100 in a form of Secure Element in accordance with various examples of the present disclosure is depicted.
  • the data manager 100 in accordance with the present disclosure may be implemented in a Secure Element.
  • the data manager may store and manage various types of data.
  • the data manager may store and manage data of services with high security demand to which the customer is more sensitive or pays more attention, e.g., shop loyalty card data, electronic cash balance data, member point data, etc.
  • the data manager may store and manage data of services with low security demand to which the customer is less sensitive or pays less attention, e.g., e-ticket data, e-coupon data, spending history data, etc.
  • the data manager may store and manage both of the data of the services with high security demand and the data of the services with low security demand.
  • the data manager 100 may store personal information 101 of the customer, a plurality of loyalty cards 102-1 to 102-N respectively for shops 1 to N, a plurality of keys 103-1 to 103-N for the loyalty cards 102-1 to 102-N, a plurality of PIN (Personal Identification Number) codes 104-1 to 104-N, a plurality of e-tickets 105-1 to 105-M, a plurality of e-coupons 106-1 to 106-L, a plurality of first electronic signatures 107-1 to 107-M for the e-tickets 105-1 to 105-M, a plurality of second electronic signatures 107-1′ to 107-L′ for the e-coupons 106-1 to 106-L, a plurality of electronic cash balances 108-1 to 108-N for the loyalty cards 102-1 to 102-N, a plurality of member points 109-1 to 109-N for the loyalty cards 102-1 to 102-N, a plurality of member
  • the Secure Element (not shown in FIG. 1) comprising the data manager 100 manages all of the loyalty cards 102-1 to 102-N, the e-tickets 105-1 to 105-M, the e-coupons 106-1 to 106-L, etc., for the customer.
  • One shop e.g, a shop 1
  • customer data issued by itself, e.g., the loyalty card 102-1, the electronic cash balance 108-1, the member point 109-1, etc.
  • the high security of the data structure of the data manager 100 can prevent the personal information 101 of the customer from being accessed by unauthorized users.
  • the data of the services with high security demand for different sources may be separated by highly secure firewalls.
  • the data of the loyalty card 102-1 from the shop 1 may be separated from the data of the loyalty card 102-2 from the shop 2 by a highly secure firewall
  • the data of the loyalty card 102-2 from the shop 2 may be separated from the data of the loyalty card 102-3 from the shop 3 by a highly secure firewall, ... , and so on.
  • the data of the electronic cash balance for one shop may be separated from that for another shop by a highly secure firewall.
  • the data of the member point for one shop may be separated from that for another shop by a highly secure firewall.
  • the data of the services with high security demand may be encrypted by using a unique key and authenticated by using a unique PIN code.
  • the data of the loyalty card 102-1 may be encrypted with the key 103-1 and authenticated with the PIN code 104-1
  • the data of the loyalty card 102-2 may be encrypted with the key 103-2 and authenticated with the PIN code 104-2
  • the data of the loyalty card 102-N may be encrypted with the key 103-N and authenticated with the PIN code 104-N.
  • data of a particular electronic cash balance may be encrypted with a unique key and authenticated with a unique PIN code.
  • data of a particular member point may be encrypted with a unique key and authenticated with a unique PIN code.
  • the data of the services with low security demand may be protected using electronic signatures and PIN codes.
  • the data of the e-coupon 106-1 may be protected using the electronic signature 107-1′ and the PIN code 104-1′, ...
  • the data of the e-coupon 106-L may be protected using the electronic signature 107-L′ and the PIN code 104-L′.
  • the data of the e-ticket 105-1 may be protected using the electronic signature 107-1 and the PIN code 104-1′′, ...
  • the data of the e-ticket 105-M may be protected using the electronic signature 107-M and the PIN code 104-M′′.
  • data for different services may be integrated with each other without a need for too many applications to be installed in the mobile device of the customer and without any decrease in the security of the services.
  • FIG. 2 a schematic diagram of communication between the data manager and external devices in accordance with various examples of the present disclosure is depicted.
  • the data manager 100 shown in FIG. 1 is included in a Secure Element 201.
  • a mobile device 200 comprises the Secure Element 201, an NFC controller 202, an antenna 203 and a mobile device application 204.
  • the mobile device 200 may communicate with a shop application 211 via an NFC reader/writer 220.
  • the mobile device 200 may communicate with a cloud server 230 for purchase or transaction, e.g., exchange of the e-tickets or the e-coupons, in addition to the above-mentioned interactions.
  • the mobile device 200 may access the cloud server 230 using the mobile device application 204, and the shop 1 may access the cloud server 230 using the shop application 211, e.g., in a WiFi (Wireless Fidelity) , 3G (The 3 rd Generation) , 4G (The 4 th Generation) or https environment.
  • both of the accesses may be performed by using TLS (Transport Layer Security) /SSL (Secure Sockets Layer) .
  • mutual authentication may be employed during the accesses.
  • the mutual authentication may be based on symmetric encryption and a hash function.
  • the symmetric encryption approach is AES (Advanced Encryption Standard) and the hash function is SHA256 (Secure Hash Algorithm 256) .
  • an authentication key used in the mutual authentication between the mobile device 200 and the shop 1 may be unique since it is generated from a shop key for the shop 1 and the personal information contained in the data manager 100.
  • the AES approach and the SHA256 approach are utilized to prevent data falsification in subsequent communication performed after the mutual authentication.
  • FIG. 3A a protocol diagram of communication in terms of the services with high security demand between the data manager 100 and an external device 300 in accordance with various examples of the present disclosure is depicted.
  • the external device 300 transmits a request for a transaction to the data manager 100.
  • the external device 300 may be the NFC reader/writer 220 shown in FIG. 2.
  • the external device 300 may be a device for communication between the cloud server 230 and the mobile device 200 shown in FIG. 2.
  • the mutual authentication as described above is performed between the data manager 100 and the external device 300 to confirm that establishment between them is reliable.
  • the data manager 100 transmits a feedback message for receipt of the request for transaction, and the external device 300 confirms the feedback result and obtains a key for one of the shops.
  • the external device 300 generates a random number R1, encrypts R1 as R1E based on the key using a first encryption approach, generates a first message authentication code (MAC) based on the key and R1E using a second encryption approach, and transmits R1E and the first MAC to the data manager 100.
  • R1E random number
  • MAC message authentication code
  • the data manager 100 performs the following operations: obtaining the key for the shop; confirming the first MAC; decrypting R1E as R1ED based on the key using a first decryption approach corresponding to the first encryption approach; re-encrypting R1ED as R1EDE based on the key using the first encryption approach; generating a random number R2; encrypting R2 as R2E based on the key using the first encryption approach; generating a second MAC based on the key, R2E and R1EDE using the second encryption approach; and transmitting R1EDE, R2E and the second MAC to the external device 300.
  • the external device 300 After receiving R1EDE, R2E and the second MAC, the external device 300 performs the following operations: confirming the second MAC; decrypting R1EDE as R1EDED based on the key using the first decryption approach; determining whether R1EDED equals to R1; if so, decrypting R2E as R2ED based on the key using the first decryption approach; encrypting R2ED as R2EDE based on the key using the first encryption approach; generating a third MAC based on the key and R2EDE using the second encryption approach; and transmitting R2EDE and the third MAC to the data manager 100.
  • the data manager 100 confirms the third MAC, decrypts R2EDE as R2EDED based on the key using the first decryption approach and determines whether R2EDED equals to R2. If so, the process proceeds to 303.
  • the first encryption approach may be AES and the second encryption approach may be SHA256 using the message authentication code (MAC) .
  • MAC message authentication code
  • the data manager 100 transmits a request for a PIN input for one of the shops.
  • the shop 1 is taken as an example herein.
  • the external device 300 obtains a PIN input from a customer, encrypts the PIN input as an encrypted PIN code using a temporary communication key, which may be referred to as a transaction code, obtained in the mutual authentication process, and generates a PIN related message authentication code (MAC) based on the transaction code and the encrypted PIN code.
  • MAC PIN related message authentication code
  • the transaction code is used to prevent interception by a malicious user.
  • the external device 300 transmits the encrypted PIN code and the PIN related MAC to the data manager 100.
  • the encryption of the PIN input may be performed using a first encryption approach and the generation of the PIN related MAC may be performed based on a second encryption approach.
  • the data manager 100 Upon receipt of the encrypted PIN code and the PIN related MAC, at 306, the data manager 100 confirms the PIN related MAC, decrypts the encrypted PIN code and verifies the decrypted PIN code using a PIN code initially stored in the data manager 100 for the shop 1, i.e., the PIN code 104-1 shown in FIG. 1. At 307, the data manager 100 transmits a verification result to the external device 300.
  • the decryption of the encrypted PIN code may be performed based on a first decryption approach corresponding to the first encryption approach.
  • cryptograph communication is performed with regard to the transaction for the shop 1 between the data manager 100 and the external device 300 to prevent data falsification.
  • the cryptograph communication may be performed using both the first encryption approach and the second encryption approach.
  • FIG. 3B a protocol diagram of communication in terms of the services with low security demand between the data manager 100 and the external device 300 in accordance with various examples of the present disclosure is depicted.
  • the external device 300 may be the NFC reader/writer 220 shown in FIG. 2.
  • the external device 300 may be a device for communication between the cloud server 230 and the mobile device 200 shown in FIG. 2.
  • the external device 300 may request reading of the data for the services; the data manager 100 may obtain a list of the services, e.g., the plurality of e-tickets 105-1 to 105-M or the plurality of e-coupons 106-1 to 106-L shown in FIG. 1, and transmit the list to the external device 300; the external device 300 may select one service from the list, e.g., e.g., the e-ticket 105-1 or the e-coupon 106-1 shown in FIG. 1, and transmit a request to read data for the selected service to the data manager 100; the data manager 100 may obtain the data for the selected service and transmit it to the external device 300.
  • the data manager 100 may obtain a list of the services, e.g., the plurality of e-tickets 105-1 to 105-M or the plurality of e-coupons 106-1 to 106-L shown in FIG. 1, and transmit the list to the external device 300; the external device 300 may select one service from the list,
  • the data for the services may contain electronic signatures, e.g., the electronic signatures 107-1 to 107-M or 107-1′ to 107-L′.
  • the external device 300 confirms a signature of the data using a public key certificate for the selected service (e.g., the e-ticket 105-1 or the e-coupon 106-1) , wherein the signature is made by a shop associated with the selected service.
  • a public key certificate for the selected service e.g., the e-ticket 105-1 or the e-coupon 106-1
  • the external device 300 requests a transaction for the selected one of the services.
  • the data manager 100 transmits a request for a PIN input for the service.
  • the external device 300 obtains a PIN input from a customer, and generates a PIN digest based on the PIN input.
  • the external device 300 transmits the PIN digest to the data manager 100.
  • the generation of the MAC may be performed based on SHA256.
  • the data manager 100 Upon receipt of the PIN digest, at 307′, the data manager 100 verifies the PIN digest using a PIN code initially stored for the service, i.e., the PIN code 104-1′′ or the PIN code 104-1′ shown in FIG. 1. At 308′, the data manager 100 transmits a verification result to the external device 300 for confirmation. After the confirmation by the external device 300, the communication process ends.
  • a PIN code initially stored for the service i.e., the PIN code 104-1′′ or the PIN code 104-1′ shown in FIG. 1.
  • the verification of the PIN digest may be performed by comparing the PIN digest with the PIN code initially stored in the data manager 100 for the service.
  • FIG. 4 a flowchart of a method 400 for Secure Element based data management in accordance with various examples of the present disclosure is depicted.
  • the method 400 begins with block 410 in which a data manager receives a request for a transaction that utilizes one of a plurality of services stored in the data manager from an external device.
  • the services may include the above services with high security demand such as loyalty cards, member points, electronic cash balances, etc.
  • the data manager performs the mutual authentication described above with the external device.
  • the data manager requests a PIN input for the one service from the external device.
  • the data manager receives PIN data generated at the external device based on the PIN input for the one service.
  • the data manager verifies the PIN data using a PIN code initially stored in the data manager for the one service and feeds a verification result back to the external device, wherein the PIN code for the one service is stored in the data manager in parallel with PIN codes for all other stored services.
  • the data manager conducts the transaction for the one service with the external device. In an example, if the verification is negative, the method 400 ends.
  • the external device may be the NFC reader/writer 220 shown in FIG. 2.
  • the external device may be a device for communication between the cloud server 230 and the mobile device 200 shown in FIG. 2.
  • the received PIN data may comprise an encrypted PIN code encrypted based on the PIN input using a first encryption approach and a message authentication code (MAC) generated based on the encrypted PIN input using a second encryption approach.
  • the first encryption approach may be AES and the second encryption approach may be SHA256 with the MAC.
  • the block 450 may proceed by confirming the MAC and decrypting the encrypted PIN code using a first decryption approach corresponding to the first encryption approach.
  • the verification result in the block 450 may be positive.
  • the block 460 may proceed by performing cryptograph communication with the external device based on the first and second encryption approaches to prevent data falsification.
  • the PIN code for the one service may be separated from the PIN codes for all other stored services by highly secure firewalls in the data manager.
  • the data manager may perform the mutual authentication with the external device based on random numbers R1, R2, the first encryption approach and the second encryption approach.
  • the generation of the encrypted PIN code may be further based on the random numbers R1 and R2, and the generation of the MAC may be further based on a transaction code which is obtained in the mutual authentication and used to prevent interception by a malicious user.
  • FIG. 5 a flowchart of another method 500 for Secure Element based data management in accordance with various examples of the present disclosure is depicted.
  • the method 500 begins with block 510 in which a data manager obtains a list of services stored in the data manager and transmits the list to an external device.
  • the list of services may comprise the above services with low security demand.
  • the data manager receives a request for a transaction that utilizes one service selected from the list, which is transmitted from the external device after confirmation of signature of data for the selected service.
  • the data manager requests a PIN input for the selected service from the external device.
  • the data manager receives PIN data that is generated at the external device based on the PIN input for the one service.
  • the data manager verifies the PIN data using a PIN code initially stored in the data manager for the one service and feeds a verification result back to the external device, wherein the PIN code for the one service is stored in the data manager in parallel with PIN codes for all other stored services.
  • the external device may be the NFC reader/writer 220 shown in FIG. 2.
  • the external device may be a device for communication between the cloud server 230 and the mobile device 200 shown in FIG. 2.
  • the received PIN data may comprise an encrypted PIN code encrypted based on the PIN input.
  • the block 550 may proceed by comparing the encrypted PIN code with the PIN code initially stored for the one service.
  • the verification result from the block 550 may be positive.
  • the data manager conducts further transactions for the one service with the external device.
  • FIG. 6 a block diagram of a Secure Element based data management system 600 in accordance with various examples of the present disclosure is depicted.
  • the Secure Element based data management system 600 may comprise a storage module 601, a detection module 602, a communication module 603, a verification module 604 and a transaction module 605.
  • the storage module 601 stores a plurality of services and stores a plurality of PIN codes in parallel respectively for the plurality of services.
  • the plurality of services may include the loyalty cards 102-1 to 102-N, the electronic cash balances 108-1 to 108-N, the member points 109-1 to 109-N, the e-tickets 105-1 to 105-M, the e-coupons 106-1 to 106-L, etc.
  • the plurality of PIN codes may include the PIN codes 104-1 to 104-N, the PIN codes 104-1′ to 104-L′, the PIN codes 104-1′′ to 104-M′′, etc.
  • the detection module 602 detects whether a request for a transaction that utilizes one of the plurality of services stored in the storage module 601 arrives from an external device. Furthermore, the detection module 602 automatically determines whether the one service involved in the transaction is a first type of service (e.g., the service with high security demand) or a second type of service (e.g., the service with low security demand) .
  • a first type of service e.g., the service with high security demand
  • a second type of service e.g., the service with low security demand
  • the communication module 603 transmits a request to the external device for a PIN input for the one service after detection by the detection module 602 of the arrival of the request for the transaction that utilizes one of the plurality of services.
  • the communication module 603 also receives PIN data generated at the external device based on the PIN input for the one service.
  • the verification module 604 verifies the PIN data to be received by the communication module 603 using a PIN code initially stored in the storage module 601 for the one service and feeds a verification result back to the external device.
  • the transaction module 605 conducts the transaction for the one service with the external device.
  • the external device may be the NFC reader/writer 220 shown in FIG. 2.
  • the external device may be a device for communication between the cloud server 230 and the mobile device 200 shown in FIG. 2.
  • the communication module 603 performs the mutual authentication described above with the external device before it transmits the request for the PIN input for the one service.
  • the received PIN data may comprise an encrypted PIN code encrypted based on the PIN input using a first encryption approach and a message authentication code (MAC) generated based on the encrypted PIN input using a second encryption approach.
  • the first encryption approach may be AES and the second encryption approach may be SHA256 with the MAC.
  • the verification module 604 may perform the verification by confirming the MAC and decrypting the encrypted PIN code using a first decryption approach corresponding to the first encryption approach.
  • the verification result produced by the verification module 604 may be positive.
  • the transaction module 605 may further perform cryptograph communication with the external device based on the first and second encryption approaches in response to a positive verification result from the verification module 604 to prevent data falsification.
  • the PIN code for the one service may be separated from PIN codes for all other stored services by highly secure firewalls in the storage module 601.
  • the communication module 603 may perform the mutual authentication with the external device based on random numbers R1, R2, the first encryption approach and the second encryption approach, before transmitting the request for the PIN input for the one service to the external device.
  • the generation of the encrypted PIN code may be further based on the random numbers R1 and R2, and the generation of the MAC may be further based on a transaction code obtained in the mutual authentication and used to prevent malicious interception.
  • the received PIN data may comprise an encrypted PIN code encrypted based on the PIN input.
  • the verification module 604 may perform the verification by comparing the encrypted PIN code with the PIN code initially stored in the storage module 601 for the one service. In a yet further example, when the encrypted PIN code matches the PIN code initially stored in the storage module 601 for the one service, the verification result produced by the verification module 604 may be positive.
  • the detection module 602 determines that the one service to be utilized in the transaction is the service with low security demand, the data for the services may contain electronic signatures.
  • the computer system 700 includes a processor (s) CPU 701, an associated memory 702 (e.g., random access memory (RAM) , cache memory, flash memory, etc. ) , a storage device 703 (e.g., a hard disk, an optical drive such as a compact disk drive or digital video disk (DVD) drive, a flash memory stick, etc. ) , I/O devices 704 such as a keyboard, a mouse, a microphone (not shown) or a monitor, and a network interface 705, which is coupled to each other via a bus 706.
  • a processor s
  • memory 702 e.g., random access memory (RAM) , cache memory, flash memory, etc.
  • storage device 703 e.g., a hard disk, an optical drive such as a compact disk drive or digital video disk (DVD) drive, a flash memory stick, etc.
  • I/O devices 704 such as a keyboard, a mouse, a microphone (not shown) or a monitor
  • the memory 702 includes, among others, a data management module 707 storing machine readable instructions, which, when executed by the processor 701, cause the processor 701 to perform the following operations.
  • the operations include performing the method 400 as explained with respect to FIG. 4 or the method 500 as explained with respect to FIG. 5.
  • the data management system 600 as shown in FIG. 6 may be implemented as the data management module 707.
  • Another example of the data management module 707 includes instructions that cause the processor 701 to implement the data management system 600 as shown in FIG. 6 and the method 400 as illustrated in FIG. 4 or the method 500 as illustrated in FIG. 5.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Game Theory and Decision Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

La présente invention concerne un procédé pour une gestion de données tout-en-un basée sur un élément sécurisé. Une demande pour une transaction qui utilise l'un d'une pluralité de services stockés dans un gestionnaire de données est reçue au niveau du gestionnaire de données en provenance d'un dispositif externe. Une authentification mutuelle est réalisée avec le dispositif externe. Un numéro d'identification personnel (PIN) entré pour ledit service est demandé par le dispositif externe. Des données de PIN générées au niveau du dispositif externe sur la base de l'entrée de PIN pour le service sont reçues. Ensuite, les données de PIN sont vérifiées à l'aide d'un code PIN stocké initialement pour ledit service et un résultat de vérification est renvoyé au dispositif externe, le code PIN pour ledit service étant stocké dans le gestionnaire de données en parallèle avec des codes PIN pour tous les autres services stockés. La transaction pour ledit service est effectuée avec le dispositif externe en réponse à un résultat de vérification positif.
PCT/CN2015/084761 2015-07-22 2015-07-22 Gestion de données basée sur un élément sécurisé Ceased WO2017012086A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/084761 WO2017012086A1 (fr) 2015-07-22 2015-07-22 Gestion de données basée sur un élément sécurisé

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/084761 WO2017012086A1 (fr) 2015-07-22 2015-07-22 Gestion de données basée sur un élément sécurisé

Publications (1)

Publication Number Publication Date
WO2017012086A1 true WO2017012086A1 (fr) 2017-01-26

Family

ID=57833689

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/084761 Ceased WO2017012086A1 (fr) 2015-07-22 2015-07-22 Gestion de données basée sur un élément sécurisé

Country Status (1)

Country Link
WO (1) WO2017012086A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190172064A1 (en) * 2016-07-01 2019-06-06 American Express Travel Related Services Company, Inc. Systems and methods for validating transmissions over communication channels

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007143740A2 (fr) * 2006-06-08 2007-12-13 Mastercard International Incorporated Dispositif tout en un de paiement par proximité à authentification locale
WO2009038511A1 (fr) * 2007-09-21 2009-03-26 Telefonaktiebolaget Lm Ericsson (Publ) Carte tout-en-un
CN101572598A (zh) * 2008-04-28 2009-11-04 国际商业机器公司 用于可靠的快速集成的方法和装置

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007143740A2 (fr) * 2006-06-08 2007-12-13 Mastercard International Incorporated Dispositif tout en un de paiement par proximité à authentification locale
WO2009038511A1 (fr) * 2007-09-21 2009-03-26 Telefonaktiebolaget Lm Ericsson (Publ) Carte tout-en-un
CN101572598A (zh) * 2008-04-28 2009-11-04 国际商业机器公司 用于可靠的快速集成的方法和装置

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190172064A1 (en) * 2016-07-01 2019-06-06 American Express Travel Related Services Company, Inc. Systems and methods for validating transmissions over communication channels
US11151561B2 (en) * 2016-07-01 2021-10-19 American Express Travel Related Services Company, Inc. Systems and methods for validating transmissions over communication channels

Similar Documents

Publication Publication Date Title
US11876905B2 (en) System and method for generating trust tokens
US11611543B1 (en) Wireless peer to peer mobile wallet connections
US11240219B2 (en) Hybrid integration of software development kit with secure execution environment
CN112805736B (zh) 非接触式卡的密码认证的系统和方法
US11068608B2 (en) Mutual authentication of software layers
CN113545000B (zh) 交付时交互的分散式处理
AU2025263755A1 (en) One-tap payment using a contactless card
US11068883B2 (en) Apparatus and methods for secure element transactions and management of assets
EP3132342B1 (fr) Autorisation de service à l'aide d'un dispositif auxiliaire
Yang Security Enhanced EMV‐Based Mobile Payment Protocol
AU2016219306A1 (en) Peer forward authorization of digital requests
CN107925572A (zh) 软件应用程序到通信装置的安全绑定
CN113169873B (zh) 用于非接触卡的密码认证的系统和方法
US10990982B2 (en) Authenticating a payment card
US9246677B2 (en) Method and system for secure data communication between a user device and a server
WO2017012086A1 (fr) Gestion de données basée sur un élément sécurisé
US20250182086A1 (en) Systems and methods for provisioning escrow and securing purchases
US12328304B2 (en) Secure and privacy preserving message routing system
US20240338676A1 (en) Systems and methods for launching a mobile application or a browser extension responsive to satisfying predetermined conditions
JP2012138812A (ja) コンテンツ管理システムおよびコンテンツ管理方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15898642

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15898642

Country of ref document: EP

Kind code of ref document: A1