US 20100211507A1
`
`(19) United States
`a2) Patent Application Publication co) Pub. No.: US 2010/0211507 A1
`(43) Pub. Date: Aug. 19, 2010
`
`Aabyeet al.
`
`(54) OVER THE AIR UPDATE OF PAYMENT
`TRANSACTION DATA STORED IN SECURE
`MEMORY
`
`(76)
`
`Inventors:
`
`Christian Aabye, Morgan Hill, CA
`(US); Hao Ngo. San Jose, CA (US);
`David William Wilson, London
`(GB), Gustavo Mariath Zeiden,
`Chineham (GB); Chris Pitchford,
`Chineham (GB); Kiushan
`Pirzadeh, Morgan Hill, CA (US)
`
`Correspondence Address:
`TOWNSEND AND TOWNSEND CREWLLP
`TWO EMBARCADERO CENTER, 8TH FLOOR
`SAN FRANCISCO, CA 94111 (US)
`
`(21) Appl. No.:
`
`12/563.421
`
`(22)
`
`Filed:
`
`Sep. 21, 2009
`
`Related U.S. Application Data
`
`(60) Provisional application No. 61/099,060,filed on Sep.
`22, 2008.
`
`Publication Classification
`
`(51)
`
`Int. CL
`(2006.01)
`G06Q 20/00
`(2006.01)
`HO4E 9/14
`(2006.01)
`G06Q 40/00
`,
`(2006.01)
`G06Q 30/00
`(52) US. Ch wees rcecee 705/71; 705/17; 705/64
`ABSTRACT
`(57)
`A system, apparatus, and method for processing payment
`(transactions that are conducted using a mobile device that
`includes a contactless element, such as an integrated circuit
`chip. The invention enables the updating, correction or syn-
`chronization oftransaction data maintained by an Issuer with
`that stored on the device. This is accomplished by using a
`wireless (cellular) network as a data communication channel
`for data provided by an Issuer to the mobile device, and is
`particularly advantageous in circumstances in which the con-
`tactless clement is not presently capable of communication
`with a device reader or point of sale terminal that uses a near
`field communications mechanism. Data transferred between
`the mobile device and Issuer may be encrypted and decrypted
`to provide additional security and protect the data from being
`accessed byotherusers or applications. Ifencryption keys are
`used for the encryption and decryption processes, they may
`be distributed by a keydistribution server or other suitable
`entity to a mobile gateway which participates in the data
`encryption and decryption operations.
`
`Consumer
`
`Payment Device
`
`20
`
`
`
`
`Payment Device
`Reader/POS
`Terminal
`22
`
`/
`
`a“
`“
`
`Acquirer
`30
`
`NS.
`
`\
`
`
`
`
`Merchant
`Data
`Processing
`System
`26
`
`Payment
`Processing
`Network
`34
`
`Issuer
`38
`
`
`
`—_OOF {ny {TT
`/ Merchant/
`Account
`/
`Consumer/
`
`40
`\
`\
`36
`VS nn.
`
`( Database
`
`Database |
`
`
`
`\
`
`Database
`
`\
`28
`VN
`
`GOOG-1009
`Google LLC v. RFCyber Corp./ Page 1 of 19
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 1 of 19
`
`

`

`Patent Application Publication
`
`Aug. 19, 2010 Sheet 1 of 7
`
`US 2010/0211507 Al
`
`Jenss}
`
`ge
`
`
`
`-—~—]|Bursseoold
`
`quewAed
`
`YOMISN
`
`ve
`
`Jeunboy
`
`O¢
`
`JUBYDJEy)
`
`eyeq
`
`Bulssao0id
`
`Wwa}shg
`
`9¢
`
`Jouunsue9
`
`eseqejeq
`
`OV
`
`junoooy
`
`aseqeeq
`
`ge
`
`JUBYIIIA|
`
`aseqeyeq
`
`82
`
`|ounbi4
`
`
`
`
`
`J40wInNsUuoDg
`
`
`
`SojAeqJuawAeY
`
`0¢
`
`
`
`
`
`solAaqyusWAe
`
`JEU|SOd/Hepesy
`
`ce
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 2 of 19
`
`
`
`
`
`

`

`Patent Application Publication
`
`Aug. 19, 2010 Sheet 2 of 7
`
`US 2010/0211507 Al
`
`
`
`
`
`Janss|
`
`EL
`
`juawAeg
`
`Buisseo0ld
`
`}IOMION
`
`PEL
`
`AayuondAuoug
`
`
`
`Janueguolnquysig
`
`OFL
`
`
`
`Aema}esyailqoy]
`
`gel
`
`0Z4
`
`SOL
`
`
`
`
`
`
`
`
`seyinbow’'JoJsuel)abelois
`cohOfhZhqUBWUa}Aebb
`Hepesyeo14eqJAN20}Mowe,
`jeune|SOdBt=3Al
`
`
`IURYOIEeyeBeg
`
`
`
`Zainbig
`
`OOLZO}
`
`SOL
`
` aaeOMAN121N//99
`
`
`Wa}sAsJeIN||ad
`
`ieyprlOSIoll
`
`
`
`jusUa!yssopjoeyu0y
`
`anaes(s)uojealddy
`eyeq601
`
`
`AIINDIDBd1AOQSI1GOV\
`BOBa}u]
`
`901
`
`
`zzh
`
`BdIASQAGO
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 3 of 19
`
`
`
`
`
`
`
`

`

`Patent Application Publication
`
`Aug. 19,2010 Sheet 3 of 7
`
`US 2010/0211507 Al
`
`
`
`
`
`Antenna
`318
`
`316
`
`Processor
`304
`
`Display
`306
`
`Data Input/Output
`308
`
`Communications
`310
`
`Applications/Data Storage/
`Memory
`312
`
`Contactless Element
`Interface
`314
`
`Contactless Element
`Secure Memory/NFC Data Transfer
`
`302
`
`Figure 3
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 4 of 19
`
`

`

`US 2010/0211507 Al
`
`Aug. 19,2010 Sheet 4 of 7
`Patent Application Publication
`
`
`Conduct Transaction Using
`Communication Between
`Payment Device and
`Reader/POS Terminal
`
`402
`
`Provide Payment Device
`Data to Reader/POS
`Terminal
`404
`
`
`Store Received Transaction
`Data in Payment Device
`Memory (optional)
`
`
`
`
`406
`
`
`
`
`
`
`Terminate Communication
`Between Payment Device
`and Reader/POS Terminal
`408
`
`
`
`
`Update Transaction Data
`Stored in Payment Device
`Memory via Cellular Network
`
`410
`
`
`Figure 4
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 5 of 19
`
`

`

`Patent Application Publication
`
`Aug. 19,2010 Sheet 5 of 7
`
`US 2010/0211507 Al
`
`
`
`
`
`
`
`
`For Each Mobile Gateway,
`Encryption Key Server
`Distributes First Encryption
`Key Pair
`502
`
`
`
`
`
`Encryption Key Server
`
`
`Encryption Key Server
`Stores Second Keyof First
`Provides One KeyofFirst
`
`
`Key Pair in Encryption Key
`Key Pair to Mobile Gateway
`
`
`Server
`504
`506
`
`
`
`
`Figure 5(a)
`
`
`
`
`
`
`For Each Issuer, Encryption
`Key Server Distributes
`Second Encryption Key Pair
`508
`
`
`
`
`
`
`Encryption Key Server
`Stores Second Keyof
`Second Key Pairin
`Encryption Key Server
`514
`
`
`
`
`
`Encryption Key Server
`Provides One Key of Second
`Key Pair to Issuer
`
`
`
`
`
`
`
`Issuer Uses Key of Second
`Key Pair to Generate Unique
`Key for Each Mobile
`Payment Device
`512
`
`
`
`Figure 5(b)
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 6 of 19
`
`

`

`Patent Application Publication
`
`Aug. 19,2010 Sheet 6 of 7
`
`US 2010/0211507 Al
`
`
`
`
`
`——
`
`
`
`Encryption Key Server
`Uses the One Keyof
`the Second Key Pair
`to Generate Unique
`Key for the Mobile
`Device and Encrypts
`the Session Key
`Using the Unique Key
`for the Mobile Device
`532
`
`a E
`
`ncryption Key Server
`Distributes the
`
`Encrypted Session
`Key to the Mobile
`Device (via the Mobile
`Gateway)
`534
`
`—-
`
`Mobile Device Uses
`the Unique Key
`(provided in stage 512
`of Figure 5(b)) to
`Recoverthe Session
`Key to Enable
`Decryption of the
`Updated Transaction
`Data
`536
`
`
`
`
`Y
`Encryption Key Server
`Generates Session
`Specific Key from the
`One Keyofthe First
`Key Pair
`530
`
`Issuer Processes the
`Transaction Data, and
`Provides Updated
`Data to the Payment
`Processing Network
`(or Directly to Mobile
`Gateway)
`526
`
`
`
`tT
`
`Updated Transaction Data is
`Provided to the Mobile Gateway
`~ Mobile Gateway Connects to
`the Encryption Key Server and
`to the Mobile Device
`528
`
`
`
`Figure 5(c)
`
`
`
`Mobile Device
`Initiates Payment
`Transaction with
`Device Reader or
`POS Terminal
`522
`
`
`
`
`
`
`Acquirer Provides
`Transaction Data to
`the Payment
`Processing Network
`and Issuer
`524
`
`
`
`
`
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 7 of 19
`
`

`

`Patent Application Publication
`
`Aug. 19,2010 Sheet 7 of 7
`
`US 2010/0211507 Al
`
`
`
`
`Vo
`Central
`Printer
`
`
`Controller
`Processor
`610
`
`660
`690
`
`System
`
`
`
`
`
`
`
`
`
`Display
`.
`
`Serial Port
`Adaptor
`
`
`670
`650
`
`Keyboard
`620
`
`.
`.
`Fixed Disk
`630
`
`External
`Interface
`680
`
`Monitor
`640
`
`Figure 6
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 8 of 19
`
`

`

`US 2010/0211507 Al
`
`Aug. 19, 2010
`
`OVER THE AIR UPDATE OF PAYMENT
`TRANSACTION DATA STORED IN SECURE
`MEMORY
`
`CROSS REFERENCE TO RELATED
`APPLICATIONS
`
`Therefore, in some applications they may not require access
`to remote databases for the purpose ofuser authentication or
`record keepingat the time of a transaction. A smart chip is a
`semiconductor device that is capable of performing most, if
`not all, ofthe functions ofa smart card, but may be embedded
`in another device.
`
`[0001] This application claims priority from U.S. Provi-
`sional Patent Application No. 61/099060, entitled “Contact-
`less Phone With Secret Data’, filed Sep. 22, 2008, the con-
`tents of which is hereby incorporated in its entirety by
`reference forall purposes.
`
`BACKGROUND
`
`Smart cards or chips come in two general varieties;
`[0005]
`the contacttype and the contactless type. A contact type smart
`card or chip is one that includes a physical element(e.g., a
`magnetic stripe) that enables accessto the data and functional
`capabilities ofthe card, typically via some form ofterminal or
`card reader. A contactless smart card or chip is a device that
`incorporates a means of communicating with the card reader
`or point of sale terminal without the need for direct physical
`contact. Thus, such devices mayeffectively be “swiped”(i.e.,
`[0002] Embodiments of the present invention are directed
`waved or otherwise presented in a manner that results in
`to systems, apparatuses and methods for the processing of
`enabling communication between the contactless element
`paymenttransactions, and morespecifically, to a system and
`and a reader or terminal) by passing them close to a card
`associated apparatus and methodlor processing a transaction
`reader or terminal. Contactless cards or chips typically com-
`that includes synchronizing transactiondata stored ina device
`municate with a card reader or terminal using, RF (radio-
`having a contacless element with transaction data main-
`frequency) technology, wherein proximity to the reader or
`tained by an Issuer. The present inventionis further directed to
`terminal enables data transfer between the card or chip and
`systems, apparatuses, and methods for using, a contactless
`the readeror terminal. Contactless cards have found uses in
`element such as an integrated circuit chip embedded in a
`banking and other applications, where they have the advan-
`wireless mobile device to enable paymenttransactions.
`tage ofnot requiring removal fromauser’s wallet or pocket in
`[0003] Consumer payment devices are used by millions of
`order to participate in a transaction. A contactless card or chip
`people worldwide to facilitate various types of commercial
`may be embeddedin, or otherwise incorporatedinto, a mobile
`transactions. In a typical transaction involving the purchase of
`device such as a mobile phone or personal digital assistant
`a product or service at a merchant location, the payment
`(PDA). Further, because ofthe growing interest in such cards,
`device is presented at a point of sale terminal (“POS termi-
`standards have been developedthat govern the operation and
`nal”) located at a merchant’s place of business. The POS
`interfaces for contactless smart cards, such as the ISO 14443
`terminal may bea card readeror similar device that is capable
`standard.
`of accessing data stored on the payment device, where this
`data may include identification or authentication data, for
`example. Data read from the payment device is provided to
`the merchant’s transaction processing systemand thento the
`Acquirer, which is typically a bank or other institution that
`manages the merchant’s account. The data provided to the
`Acquirer maythen be provided to a payment processing
`network that is in communication with data processors that
`process the transaction data to determine if the transaction
`should be authorized by the network, and assist in the clear-
`ance and accountsettlementfunctionsfor the transaction. The
`authorization decision and clearance and settlement portions
`of the transaction may also involve communication and/or
`data transfer between the payment processing network and
`the bankor institution that issued the payment device to the
`consumer(the Issuer).
`[0004] Although a consumer payment device may be a
`credit cardor debit card, it mayalsotake the form ofa “smart”
`card or chip. A smart card is generally defined as a pocket-
`sized. card (or other portable payment device) that is embed-
`ded with a microprocessor and one or more memory chips, or
`is embedded with one or more memory chips with non-pro-
`grammable logic. The microprocessortype card typically can
`implement certain data processing functions, such as ta add,
`delete, or otherwise manipulate information stored in a
`memorylocation on the card. In contrast, the memory chip
`type card (for example, a prepaid phone card) can typically
`only act as a file to hold data that is manipulated by a card
`reading device to perform a pre-defined operation, such as
`debiting a charge from a pre-established balancestored in the
`memory. Smart cards, unlike magnetic stripe cards (such as
`standard credit cards), can implement a variety of functions
`and contain a variety of types of information on the card.
`
`Ina typical paymenttransaction,data is sent from a
`[0006]
`point of sale terminalto the Issuer to authenticate a consumer
`and obtain authorization for the transaction. As part ofthe
`authentication or authorization processes, the data may be
`accessed or processed by other clements ofthe transaction
`processing system(e.g., the merchant’s Acquirer or a pay-
`ment processorthatis part ofa payment processing network).
`Note that in somecases, authorization for the transaction may
`be obtained without connecting to the Issuer; this may be
`permitted by Issuer configured risk management parameters
`that have been set on the consumer’s payment application or
`payment device. If the proposed transaction is authorized,
`then the consumer mayprovide other information to the mer-
`chantas part of completing the transaction. The Issuer or data
`processor mayalsosenddata backto the consumer. Such data
`may include an updateto records ofthe transactions for which
`the payment device has been used, or to a current balance of
`an account associated with the device.
`[0007]
`In the case of a transaction that uses a contactless
`element, a reader or pointof sale terminal is typically only in
`communication with the contactless element for a short
`period of time (e.g., the amount of time needed for the ele-
`ment
`to be recognized by the reader and to provide data
`neededto initiate or conduct a portion ofthe transaction). This
`means that an Issuer or other party wishing, to provide trans-
`action related data to a consumer’s payment device may be
`unable to effectively communicate with the consumer using
`the readeror pointof sale terminal. This can create problems
`for a consumer who wishes to use the payment device for a
`later transaction, as the balance ofa prepaid card or balance of
`acredit card or debit card account may be incorrect andaffect
`the consumer’s ability to obtain authorization for the later
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 9 of 19
`
`

`

`US 2010/0211507 Al
`
`Aug. 19, 2010
`
`transaction. It may also cause a consumer wishing to access
`their account information to mistakenlythink that they have
`either more or less funds available to themthanthey actually
`do.
`[0008] What is desired is a system, apparatus and method
`for enabling transaction data stored on a payment device that
`utilizes a contactless smart chip to be updated without the
`contactless smart chip needing to communicate with a reader
`or point of sale terminal, and which overcomes the noted
`disadvantages of current approaches. Embodiments of the
`invention address these problems and other problemsindi-
`vidually and collectively.
`
`BRIEF SUMMARY
`
`instructions stored in the memory, which when executed by
`the processor implement a method to receive data for a pay-
`ment transaction from a point of sale terminal, wherein at
`least some ofthe data is providedto the point of sale terminal
`bya mobile device that communicates with the pointof sale
`terminal using a near Geld communications mechanism, pro-
`cess the received data to generate a record of the transaction,
`wherein the record of the transaction includes an update to
`data stored in the mobile device as a result ofcommunicating
`with the point ofsale terminal, and provide the record of the
`transaction to an element of a wireless communications sys-
`tem, thereby causing the record. of the transaction tobe pro-
`vided to the mobile device over a wireless network.
`[0013]
`In yet another embodiment, the present inventionis
`directed to a method of conducting a payment transaction,
`[0009] Embodiments ofthe present invention are directed
`where the method includes communicating with a point of
`to a system, apparatus, and method for using a contactless
`sale terminal using a near field communications mechanism
`element (such as a contactless smart chip) as part of a pay-
`of a payment device as part of the payment transaction,
`ment transaction. Specifically, embodiments of the present
`wherein the payment device includes a contactless element
`invention are directed to facilitating the update or synchroni-
`and is contained in a mobile phone, and receiving data to
`zation of transaction data and transaction recordsstored in a
`update a record of the paymenttransaction contained in the
`memorythat is part of a payment device (such as a mobile
`mobile phone using a cellular phone communications net-
`phone), where the device includes a contactless element. The
`work.
`inventive system, apparatus and method can be implemented
`In yet another embodiment, the present invention is
`[0014]
`using a contactless smart chip and a wireless data transfer
`directed to an apparatusfor facilitating paymenttransactions
`element(e.g., a near field communications (NFC) capability,
`between a plurality of consumers and a plurality of mer-
`etc.) embedded within a mobile wireless device. The mobile
`chants, where the apparatus includes a processor, a memory,
`device may be a mobile phone, PDA, MP3 playeror thelike.
`and a set of instructions stored in the memory, which when
`The smart chip or other type of contactless element can be
`executed by the processor implement a method to generate a
`integrated with the circuitry of the mobile device to permit
`first pair of encryption keys, the first pair of encryption keys
`data stored on the chip to be accessed and manipulated(e.g.,
`including a first encryption key and a second encryption key,
`read, written, erased) using the wireless communications net-
`generate a secondpair of encryption keys, the secondpair of
`work as a data transport or commandtransport channel. In
`encryption keys includinga first encryption key and a second
`this way, transaction data provided byan Issuer may be pro-
`encryption key, distribute the first pair ofencryption keys to a
`vided to the paymentdevice in the absence ofcommunication
`first mobile gateway, the first mobile gateway configured to
`betweenthe payment device andanear field communications
`process a first set of payment transactions, and distribute the
`device reader or point ofsale terminal.
`second pair of encryption keys to a second mobile galeway,
`[0010] This permits the Issuer to update transaction data
`the second mobile gatewayconfiguredto process a secondset
`and/or synchronize data or records stored in the payment
`of payment transactions, whereinthefirst set of transactions
`device with those maintained by the Issuer whenthe contact-
`is different from the second set of transactions.
`less clement is not in the proximity ofthe device reader or
`[0015] Other objects and advantages of the present inven-
`terminal. This capability is particularly useful in the case ofa
`tion will be apparent to one of ordinaryskill in the art upon
`prepaid balance being stored in the payment device, since
`reviewofthe detailed description ofthe present invention and
`without an accurate balance, a user may be prevented from
`the includedfigures.
`completing a transaction that they should be entitled to cam-
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`plete. Similarly, a credit or debit account balance stored in the
`payment device maybe updatedto properlyreflect the status
`of the accountin a situation where the data stored after inter-
`action between the contactless element and reader or terminal
`wasincorrect or incomplete.
`[0011]
`Inone embodiment, the present invention is directed
`to a mobile device for use in conducting a payment transac-
`tion, where the mobile device includes a processor, a memory,
`and a set of instructions stored in the memory, which when
`executed bythe processor implement a method to conduct the
`paymenttransaction by communicating with a point ofsale
`terminal using a near field communications mechanism ofthe
`mobile device, and receive data related to the payment trans-
`action al the mobile device using a cellular communications
`network, wherein the received data related to the payment
`transactionis an update todata stored in the mobile device as
`a result of communicating with the point of sale terminal.
`[0012]
`In another embodiment, the present invention is
`directed to a data processing device, where the data process-
`ing device includes a processor, a memory, and a set of
`
`FIG. 1 is a block diagramillustrating a transaction
`[0016]
`processing system that may be used with some embodiments
`of the present invention:
`[0017]
`FIG. 2is a functional block diagram illustrating the
`primary components of a system for updating or synchroniz-
`ing, transaction data for a transaction that uses a contactless
`element contained within a mobile device, in accordance with
`an embodimentof the present invention;
`[0018]
`FIG. 3 is a functional block diagram illustrating the
`primary components of a mobile device, such as a mobile
`phone that may be used as part of the inventive system and
`method;
`FIG. 4 isa flowchart illustrating an embodiment of
`[0019]
`the inventive methodor process for updating or synchroniz-
`ing transaction data for a transaction that uses a contactless
`element contained within a mobile device;
`[0020]
`FIGS. 5(a), 5(6), and 5(c) are flow chartsillustrating
`a process for distributing and using encryption keys to pro-
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 10 of 19
`
`

`

`US 2010/0211507 Al
`
`Aug. 19, 2010
`
`ue
`
`vide secure transfer of payment transaction or other data
`between an Issuer and a mobile device, in accordance with an
`embodimentofthe present invention; and
`[0021]
`FIG. 6 isa block diagram of an exemplary comput-
`ing apparatus that maybe used to implement an embodiment
`ofthe inventive methodor process lor updating or synchro-
`nizing transactiondata for a transaction that uses a contactless
`element contained within a mobile device.
`
`DETAILED DESCRIPTION
`
`
`
`[0022] Embodiments ofthe present invention are directed
`to a system, apparatus, and method for processing payment
`transactions that are conducted using a mobile device that
`includes a contactless element, such as an integrated circuit
`chip. ‘he invention enables the updating, correction or syn-
`chronizationoftransaction data maintained byan Issuer with
`that stored on the device. This is accomplished byusing a
`wireless (cellular) network as a data communication channel
`for data provided by an Issuer to the mobile device, and is
`particularly advantageousin circumstances in which the con-
`tactless element is nat presently capable of communication
`with a device readeror pointofsale terminal that uses a near
`field communications mechanism. In some embodiments,
`data transferred between the mobile device and Issuer(i.e.,
`either from the device to the Issuer or from the Issuer to the
`device) may be encrypted and decrypted(e.g., using “keys”
`such, as public key infrastructure (PKT) keys or symmetric
`keys) to provide additional security and protect the data from
`being accessed by other users or applications. If encryption
`keys are used for the encryption and decryption processes,
`hey maybe distributed by a keydistribution server or other
`suitable entity to a mobile gateway whichparticipates in the
`data encryption and decryption operations.
`[0023] The present invention is typically implemented in
`he context of a payment
`transaction;
`therefore prior to
`describing one or more embodiments of the invention in
`greater detail, a brief discussion of the entities involved in
`processing and authorizing a payment transaction, and their
`roles in the authorization process will be presented.
`[0024]
`[TIG. 1 is a block diagramillustrating a transaction
`processing, system that may be used with some embodiments
`of the present invention. Typically, an electronic payment
`ransaction is authorized if the consumer conducting the
`transaction is properly authenticated (i.e., their identity and
`heir valid use of a payment account is verified) and has
`sufficient funds or credit to conduct the transaction. Con-
`versely, ifthere are insufficient funds or credit in the consum-
`er’s account, or if the consumer’s payment device is on a
`negative list (e.g., it is indicated as possibly having been
`stolen), then an electronic payment transaction maynot be
`authorized. In the following description, an “Acquirer” is
`typically a business entity (¢c.g.. a commercial bank) that has
`a business relationship with a particular merchant. An
`“Issucr” is typically a business entity (¢.g., a bank) which
`issues a payment device such as a credit or debit card to a
`consumer. Some entities may perform both Issuer and
`Acquirer functions.
`[0025]
`FIG.1 illustrates the primary functional elements
`that are typically involved in processing a payment transac-
`tion and in the authorization processfor such a transaction. As
`shown in FIG.1, ina typical paymenttransaction, a consumer
`wishing to purchase a good orservice from a merchantuses a
`portable consumer payment device 20 to provide payment
`transaction data that maybe used aspart of an authorization
`
`process. Portable consumer payment device 20 maybe a debit
`card, credit card, smart card, mobile device containing a
`contactless chip, or other suitable form of device.
`[0026] The portable consumer paymentdevice is presented
`to a device reader or point of sale (POS) terminal 22 whichis
`able to access data stored on or within the payment device.
`The account data (as well as any required consumer data) is
`communicated to the merchant 24 and ultimatelyto the mer-
`chant’s transaction/data processing system 26. As part of the
`authorization process performed by the merchant, merchant
`transaction processing system 26 mayaccess merchant data-
`base 28, which typically stores data regarding the customer/
`consumer (as the result of a registration process with the
`merchant, for example), the consumer’s payment device, and
`the consumer’s transaction history with the merchant. Mer-
`chant transaction processing system 26 typically communi-
`cates with Acquirer 30 (which manages the merchant’s
`accounts) as part ofthe overall authorization process. Mer-
`chanttransaction processing system 26 and/or Acquirer 30
`provide data to Payment Processing, Network 34, which
`among other functions, participates in the clearance and
`settlement processes that are part of the overall transaction
`processing. Communication and data transfer between Mer-
`chant transaction processing system 26 and Payment Process-
`ing Network 34is typically by means ofan intermediary, such
`as Acquirer 30. As part of the transaction authorization pro-
`cess, Payment Processing Network 34 may access account
`database 36, which typically contains information regarding
`the consumer’s account paymenthistory, chargeback or trans-
`action dispute history, credit worthiness, etc. Payment Pro-
`cessing Network 34 communicates with Issucr 38 as part of
`the authorization process, where Issuer 38 is the entity that
`issued the payment device to the consumer and manages the
`consumer’s account. Customer or consumer accountdata is
`typically stored in customer/consumer database 40 which
`may be accessed byIssuer 38 as part of the authentication,
`authorization or account management processes. Note that
`instead of, or in addition to being stored in account database
`36, consumer account data maybe includedin, or otherwise
`part of customer/consumerdatabase 40.
`[0027]
`Instandard operation, an authorization request mes-
`sage is created during a consumer purchase of a good or
`service al a point of sale (POS) using a portable consumer
`payment device (such as a credit or debit card). In some
`embodiments, the portable consumer payment device may be
`a wireless phonethat incorporates a contactless card or chip.
`‘The contactless card or chip may communicate with the point
`of sale terminal using a near field communications (NIC)
`capability. The authorization request message is typically
`sent from the device reader/POS terminal 22 through the
`merchant’s data processing system 26 to the merchant’s
`Acquirer 30, to a paymentprocessing network 34, and then to
`an Issuer 38. An “authorization request message” can include
`a request for authorization to conductan electronic payment
`transaction. It mayinclude one or more of an account holder’s
`payment account number, currency code, sale amount, mer-
`chanttransaction stamp, acceptorcity, acceptorstate/country,
`ete.An authorization request message maybe protected using
`a secure encryption method(e.g., 128-bit SSL or equivalent)
`in order to prevent data from being compromised.
`[0028] After the Issuer receives the authorization request
`message, the Issuer determines if the transaction should be
`authorized and sends an authorization response message back
`to the payment processing network to indicate whether or not
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 11 of 19
`
`

`

`US 2010/0211507 Al
`
`Aug. 19, 2010
`
`
`
`reader or point of sale terminal using a short range commu-
`nication method,such as a near field communications (NFC)
`capability. Examples of such NFC technologies or similar
`short range communications technologies include [SOstan-
`dard 14443, RFID, Bluetooth™ and Infra-red communica-
`tions methods.
`
`he current transaction is authorized, The paymentprocessing
`system then forwards the authorization response message to
`the Acquirer. The Acquirer then sends the response message
`o the Merchant. ‘he Merchantis thus made aware ofwhether
`the Issuer has authorized the transaction, and hence whether
`fhe transaction can be completed.
`[0029] Ata later time, a clearance and settlement process
`FIG. 2 is a functional block diagram illustrating the
`[0034]
`primary components of a system 100 for updating or synchro-
`maybe conducted by elements of the payment/transaction
`processing system depicted in FIG. 1. A clearance process
`nizing transaction data for a transaction that uses a contactless
`element contained within a mobile device, in accordance with
`involves exchanging financial details between an Acquirer
`andan Issuerto facilitate posting a transaction lo a consum-
`an embodimentofthe present invention. As shown in FIG.1,
`er’s account and reconciling the consumer’s settlement posi-
`system 100 includes a mobile device 102 having wireless
`ion. Clearance andsettlement can occur simultaneouslyor as
`communications capabilities 122. Mobile device 102 may be
`separate processes.
`a wireless mobile telephone, PDA, laptop computer, pager,
`etc. In a typical embodiment, mobile device 102 is a cell
`[0030]
`Payment Processing Network 34 may include data
`phone, although as noted,
`implementation of the present
`processing subsystems, networks, and other means o!imple-
`inventionis not limited to this embodiment. In the case of a
`menting operations used to support and deliver authorization
`cell phone as the mobile device 102, the device includes
`services, exception file services, and clearing and settlement
`mobile device (cell phone) circuitry 104 that enables certain
`services for payment transactions. An exemplary Payment
`of the telephony functions. Among other functions, mobile
`Processing, Network mayinclude VisaNet. Payment Process-
`device circuitry 104 enables mobile device 102 to communi-
`ing Networks such as VisaNetare able to process credit card
`cate wirelessly with cellular system(i.e., a wireless carrier)
`transactions, debit card transactions, and other types of com-
`120 via cellular network 122.
`mercial transactions. VisaNet. in particular, includes a VIP
`system (Visa Integrated Payments system) which processes
`[0035] Mobile device 102 further includes a contactless
`authorization requests and a Base II system which performs
`element 106, typically implemented in the form of a semi-
`transaction clearing and settlement services.
`conductor chip. Contactless element 106 may include a
`secure data storage element 110, although secure data storage
`[0031]
`Payment Processing Network 34 may include a
`element 110 may also be implemented as a separate element
`server computer. A server computer is typically a powerful
`from contactless element 106. Contactless element 106
`computer or cluster of computers. For example, the server
`includes a near field communications (NFC) data transfer
`computer can be a large mainframe, a minicomputercluster,
`(e.g., data transmission) element 105, such as an antenna or
`ora group of servers functioning as a unit. In one example,the
`transducer. Contactless clement 106 is typically embedded
`server computer may be a database server coupled to a web
`within and integrated with the elements ofmobile device 102,
`server. Payment Processing Network 34 may use anysuitable
`and data or control instructions transmitted via cellular net-
`combination of wired or wireless networks, including the
`work 122 may be exchanged with or applied to contactless
`Internet, to permit communication anddata transfer between
`element 106 by means ofcontactless element interface 108.
`network elements. Among other functions, Payment Process-
`Contactless element interface 108 functions to permit the
`ing