U520100211507A1
`
`(19) United States
`(12) Patent Application Publication (10) Pub. N0.: US 2010/0211507 A1
`(43) Pub. Date: Aug. 19, 2010
`
`Aabye et a].
`
`(54) OVER THE AIR UPDATE OF PAYMENT
`TRANSACTION DATA STORED IN SECURE
`MEMORY
`
`(76)
`
`Inventors:
`
`Christian Aabye, Morgan Hill, CA
`(US); Hao Ngo, San Jose, CA (US);
`David \Villiam Wilson, London
`(GB); Gustavo Mariath Zeiden,
`Chineham (GB); Chris Pitchford,
`Chinehain (GB); Kiushan
`Pirzadeh, Morgan Hill, CA (US)
`
`Correspondence Address:
`TOWVSEND AND TOWVSENI) CREW IlI/P
`TWO EMBARCADERO CENTER, 8TH FLOOR
`SAN FRANCISCO, CA 94111 (US)
`
`(21) App]. No.:
`
`12/563421
`
`(22)
`
`Filed:
`
`Sep. 21, 2009
`
`Related U.S. Application Data
`
`(60) Provisional application No. 61/099,060, filed on Sep.
`22, 2008.
`
`Publication Classification
`
`(51)
`
`Int. Cl.
`(2006.01)
`G06Q 20/00
`(2006.01)
`H04L 9/14
`(2006.01)
`G06Q 40/00
`(2006.01)
`G06Q 30/00
`(52) U.S. Cl.
`................................ 705/71; 705/17; 705/64
`(57)
`ABSTRACT
`A system, apparatus, and method for processing payment
`transactions that are conducted using a mobile device that
`includes a contactless element, such as an integrated circuit
`chip. The invention enables the updating, correction or syn—
`chronization oftransaction data maintained by an Issuer with
`that stored 011 the device. This is accomplished by using a
`wireless (cellular) network as a data communication channel
`for data provided by an Issuer to the mobile device, and is
`particularly advantageous in circumstances in which the con—
`tactlcss element is not presently capable of communication
`with a device reader or point of sale terminal that uses a near
`field communications mechanism. Data transferred between
`the mobile device and Issuer may be encrypted and decrypted
`to provide additional security and protect the data from being
`accessed by other users or applications. Ifencryption keys are
`used for the encryption and decryption processes, they may
`be distributed by a key distribution server or other suitable
`entity to a mobile gateway which participates in the data
`encryption and decryption operations.
`
`Consumer
`
`Payment Device
`
`20
`
`
`
`
`Payment Device
`Reader/PCS
`Terminal
`22
`
`/
`
`/
`
`/
`
`Merchant
`Data.
`Processing
`System
`26
`
`
`
`
`Acquirer
`30
`
`\\
`
`\
`
`Payment
`ProceSSing
`Network
`34
`
`Issuer
`38
`
`1
`r—7
`/ Merchant /
`Database(
`
`\
`28
`\
`\%
`
`i
`‘
`F“—/
`/———'fi
`Consumer /
`Account
`/
`Database (
`< Database
`
`\
`40
`\
`36
`\—i %
`
`Google LLC v. RFCyber Corp. I Page 1 of 19
`
`6006-1009
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 1 of 19
`
`PGR2022-00003
`Apple EX1009 Page 1
`
`

`

`Patent Application Publication
`
`Aug. 19, 2010 Sheet 1 of 7
`
`US 2010/0211507 A1
`
`532
`
`mm
`
`
`
`ssmemooEn.
`
`EOE>mm
`
`x5262
`
`vm
`
`E2222
`
`Ema
`
`mewonn.
`
`E396
`
`ow
`
`LESUQQ
`
`om
`
`5:52.00
`
`ommnflmo
`
`0v
`
`Esooo<
`
`mmmnfimo
`
`mm
`
`E2955.
`
`389mm
`
`mm
`
`r0.59“.
`
`
`
`
`
`
`
`
`
`
`
`
`hwEDwCOO
`
`
`
`003mmEmE‘Amm
`
`om
`
`
`
`
`
`mo_>on_EmE>ma
`
`mOnEmnmom
`
`EEEEP
`
`NN
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 2 of 19
`
`PGR2022-00003
`Apple EX1009 Page 2
`
`

`

`Patent Application Publication
`
`Aug. 19, 2010 Sheet 2 of 7
`
`US 2010/0211507 A1
`
`
`
`
`
`>3.:ofibocm
`
`atomcozanmE
`
`9:.
`
`
`
`Emygw53:8
`
`
`
`>m33m®$522
`
`a?
`
`§{0352528
`
`
`
`8300250.2
`
`
`
`
`
`532
`
`m2.
`
`Ewriwa
`
`mEmmmooi
`
`{9,302
`
`3:.
`
`
`
`OS35858382522
`
`
`
`EmEQmmmmsumucoo
`
`momtwfi:
`
`we.
`
`«Or
`
`Emamar
`
`98%Amvcozmeag
`
`
`
`
`
`
`
`._9_:co<nV65cm:$805
`NnvNrrEmEQmm:
`
`E2052mm£8
`
`355Emoi\\\Hoatmummm833On:2:.oEoE
`
`53.:02o:
`
`N939m
`
`9_\«Eu
`
`m9.
`
`
`
`we.
`
`
`
`
`
`
`
`”fl
`
`
`
`
`
`
`
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 3 of 19
`
`PGR2022-00003
`Apple EX1009 Page 3
`
`

`

`Patent Application Publication
`
`Aug. 19, 2010 Sheet 3 of 7
`
`US 2010/0211507 A1
`
`
`
`
`
`Antenna
`318
`
`Processor
`304
`
`Display
`306
`
`Data Input/Output
`308
`
`Communications
`310
`
`316
`
`Applications/Data Storage/
`Memory
`312
`
`Contactless Element
`Interface
`314
`
`Contactless Element
`
`Secure Memory/NFC Data Transfer
`
`302
`
`Figure 3
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 4 of 19
`
`PGR2022-00003
`Apple EX1009 Page 4
`
`

`

`Aug. 19, 2010 Sheet 4 of 7
`Patent Application Publication
`
`
`US 2010/0211507 A1
`
`Payment Device and
`Reader/PCS Terminal
`
`Conduct Transaction Using
`Communication Between
`
`402
`
`Provide Payment Device
`Data to Reader/PCS
`Terminal
`404
`
`
`Store Received Transaction
`
`
`
`406
`
`
`Data in Payment Device
`Memory (optional)
`
`
`
`
`
`
`
`Terminate Communication
`
`Between Payment Device
`and Reader/P08 Terminal
`408
`
`
`
`Update Transaction Date
`Stored in Payment Device
`Memory via Cellular Network
`410
`
`
`
`
`
`Figure 4
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 5 of 19
`
`PGR2022-00003
`Apple EX1009 Page 5
`
`

`

`Patent Application Publication
`
`Aug. 19, 2010 Sheet 5 of 7
`
`US 2010/0211507 A1
`
`
`
`
`
`For Each Mobile Gateway,
`Encryption Key Sewer
`Distributes First Encryption
`
`Key Pair
`
`502
`
`
`
`
`
`
`
`
`Encryption Key Sewer
`
`
`Encryption Key Server
`Stores Second Key of First
`Provides One Key of First
`
`
`Key Pair in Encryption Key
`Key Pair to Mobile Gateway
`Server
`
`
`504
`506
`
`
`Figure 5(a)
`
`
`
`For Each issuer, Encryption
`Key Server Distributes
`Second Encryption Key Pair
`508
`
`
`
`
`
`
`Encryption Key Server
`Stores Second Key of
`Second Key Pair in
`Encryption Key Server
`514
`
`
`
`
`
`
`Encryption Key Sewer
`Provides One Key of Second
`Key Pair to issuer
`
`
`
`
`
`
`Issuer Uses Key of Second
`Key Pair to Generate Unique
`Key for Each Mobile
`Payment Device
`512
`
`
`
`
`
`
`
`Figure 5(b)
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 6 of 19
`
`PGR2022-00003
`Apple EX1009 Page 6
`
`

`

`Patent Application Publication
`
`Aug. 19, 2010 Sheet 6 of 7
`
`US 2010/0211507 A1
`
`
`
`
`
`
`Mobile Device
`
`Initiates Payment
`Transaction with
`Device Reader or
`POS Terminal
`522
`
`
`
`
`
`Acquirer Provides
`Transaction Data to
`the Payment
`Processing Network
`and Issuer
`524
`
`
`
`I
`
`Issuer Processes the
`Transaction Data, and
`Provides Updated
`Data to the Payment
`Processing Network
`(or Directly to Mobile
`Gateway)
`526
`
`“MW—
`
`
`
`
`Updated Transaction Data is
`Provided to the Mobile Gateway
`— Mobile Gateway Connects to
`the Encryption Key Server and
`to the Mobile Device
`528
`
`
`
`
`
`
`t
`Encryption Key Server
`Generates Session
`
`Specific Key from the
`One Key of the First
`Key Pair
`530
`
`
`
`__T’
`
`Encryption Key Server
`Uses the One Key of
`the Second Key Pair
`to Generate Unique
`Key for the Mobile
`Device and Encrypts
`the Session Key
`Using the Unique Key
`for the Mobile Device
`532
`
`‘F—T
`Encryption Key Server
`Distributes the
`
`Encrypted Session
`Key to the Mobile
`Device (via the Mobile
`Gateway)
`534
`
`__I_
`
`'
`.
`”lows DeVIce U593
`the Unique Key
`(provnded in stage 512
`of Figure 5(b)) to
`Recover the Session
`Key to Enable
`Decryption of the
`Updated Transaction
`Data
`536
`
`
`
`
`
`Figure 5(c)
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 7 of 19
`
`PGR2022-00003
`Apple EX1009 Page 7
`
`

`

`Patent Application Publication
`
`Aug. 19, 2010 Sheet 7 of 7
`
`US 2010/0211507 A1
`
`
`
`Central
`I/O
`
`
`Printer
`Processor
`
`Controller
`610
`
`660
`690
`
`System
`
`
`
`
`
`
`
`External
`Fixed Disk
`Keyboard
`Interface
`
`630
`620
`680
`
`
`
`Serial Port
`670
`
`Monitor
`640
`
`Figure 6
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 8 of 19
`
`PGR2022-00003
`Apple EX1009 Page 8
`
`

`

`US 2010/0211507 A1
`
`Aug. 19, 2010
`
`OVER THE AIR UPDATE OF PAYMENT
`TRANSACTION DATA STORED IN SECURE
`MEMORY
`
`CROSS REFERENCE TO RELATED
`APPLICATIONS
`
`[0001] This application claims priority from US. Provi-
`sional Patent Application No. 61/099060, entitled “ Iontact—
`less Phone With Secret Data”, filed Sep. 22, 2008, the con-
`tents of which is hereby incorporated in its entirety by
`reference for all purposes.
`
`BACKGROUND
`
`[0002] Embodiments of the present invention are directed
`to systems, apparatuses and methods for the processing of
`payment transactions, and more specifically, to a system and
`associated apparatus and method for processing a transaction
`that includes synchronizing transaction data stored in a device
`having a contactless element with transaction data main—
`tained by an Issuer. The present invention is further directed to
`systems, apparatuses, and methods for using a contactless
`element such as an integrated circuit chip embedded in a
`wireless mobile device to enable payment transactions.
`[0003] Consumer payment devices are used by millions of
`people worldwide to facilitate various types of commercial
`transactions. In a typical transaction involving the purchase of
`a product or service at a merchant location. the payment
`device is presented at a point of sale terminal (“POS termi—
`nal”) located at a merchant’s place of business. The POS
`terminal may be a card reader or similar device that is capable
`of accessing data stored on the payment device, where this
`data may include identification or authentication data, for
`example. Data read from the payment device is provided to
`the merchant’s transaction processing system and then to the
`Acquirer, which is typically a bank or other institution that
`manages the merchant’s account. The data provided to the
`Acquirer may then be provided to a payment processing
`network that is in communication with data processors that
`process the transaction data to determine if the transaction
`should be authorized by the network, and assist in the clear-
`ance and account settlement functions for the transaction. The
`authorization decision and clearance and settlement portions
`of the transaction may also involve communication and/or
`data transfer between the payment processing network and
`the bank or institution that issued the payment device to the
`consumer (the Issuer).
`[0004] Although a consumer payment device may be a
`credit card or debit card, it may also take the fonn ofa “smart"
`card or chip. A smart card is generally defined as a pocket-
`sized card (or other portable payment device) that is embed—
`ded with a microprocessor and one or more memory chips, or
`is embedded with one or more memory chips with non—pro—
`grammable logic. The microprocessor type card typically can
`implement certain data processing functions, such as to add,
`delete, or otherwise manipulate information stored in a
`memory location on the card. In contrast, the memory chip
`type card (for example, a prepaid phone card) can typically
`only act as a file to hold data that is manipulated by a card
`reading device to perform a pre-dcfincd operation. such as
`debiting a charge from a pre-established balance stored in the
`memory. Smart cards, unlike magnetic stripe cards (such as
`standard credit cards), can implement a variety of functions
`and contain a variety of types of information on the card.
`
`Therefore, in some applications they may not require access
`to remote databases for the purpose of user authentication or
`record keeping at the time of a transaction. A smart chip is a
`semiconductor device that is capable of performing most, if
`not all, ofthe functions ofa smart card, but may be embedded
`in another device,
`
`Smart cards or chips come in two general varieties;
`[0005]
`the contact type and the contactless type. A contact typc smart
`card or chip is one that includes a physical element (e.g., a
`magnetic stripe) that enables access to the data and fimctional
`capabilities ofthe card, typically via some form ofterminal or
`card reader. A contactless smart card or chip is a device that
`incorporates a means of communicating with the card reader
`or point of sale terminal without the need for direct physical
`contact. Thus, such devices may effectively be “swiped” (i.e.,
`waved or otherwise presented in a manner that results in
`enabling communication between the contactless element
`and a reader or tenninal) by passing them close to a card
`reader or terminal. Contactless cards or chips typically com-
`municate with a card reader or terminal using RF (radio—
`frequency) technology, wherein proximity to the reader or
`terminal enables data transfer between the card or chip and
`the reader or terminal. Contactless cards have fotmd uses in
`banking and other applications, where they have the advan—
`tage ofnot requiring removal from a user’s wallet or pocket in
`order to participate in a transaction. A contactless card or chip
`may be embedded in. or otherwise incorporated into, a mobile
`device such as a mobile phone or personal digital assistant
`(PDA). Further, because ofthe growing interest in such cards,
`standards have been developed that govem the operation and
`interfaces for contactless smart cards, such as the ISO 14443
`standard.
`
`In a typical payment transaction, data is sent from a
`[0006]
`point of sale terminal to the Issuer to authenticate a consumer
`and obtain authorization for the transaction. As part of the
`authentication or authorization processes, the data may be
`accessed or processed by other elements of the transaction
`processing system (e.g., the merchant’s Acquirer or a pay-
`ment processor that is part ofa payment processing network).
`Note that in some cases, authorization for the transaction may
`be obtained without comiecting to the Issuer; this may be
`permitted by Issuer configured risk management parameters
`that have been set on the consumer‘s payment application or
`payment device. If the proposed transaction is authorized,
`then the consumer may provide other information to the mer—
`chant as part of completing the transaction. The Issuer or data
`processor may also send data back to the consumer. Such data
`may include an update to records ofthe transactions for which
`the payment device has been used, or to a current balance of
`an accotmt associated with the device.
`[0007]
`In the case of a transaction that uses a contactless
`element, a reader or point of sale terminal is typically only in
`communication with the contactless element for a short
`period of time (e.g., the amount of time needed for the ele-
`ment
`to be recognized by the reader and to provide data
`needed to initiate or conduct a portion ofthe transaction). This
`means that an Issuer or other party Wishing to provide trans—
`action related data to a consumer’s payment device may be
`unable to effectively communicate with the consumer using
`the reader or point of sale terminal. This can create problems
`for a consumer who Wishes to use the payment device for a
`later transaction, as the balance ofa prepaid card or balance of
`a credit card or debit card account may be incorrect and affect
`the consumer’s ability to obtain authorization for the later
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 9 of 19
`
`PGR2022-00003
`Apple EX1009 Page 9
`
`

`

`US 2010/0211507 A1
`
`Aug. 19, 2010
`
`transaction. It may also cause a consumer wishing to access
`their account information to mistakenly think that they have
`either more or less funds available to them than they actually
`do.
`[0008] What is desired is a system, apparatus and method
`for enabling transaction data stored on a payment device that
`utilizes a contactless smart chip to be updated without the
`contactless smart chip needing to communicate with a reader
`or point of sale terminal, and which overcomes the noted
`disadvantages of current approaches Embodiments of the
`invention address these problems and other problems indi-
`vidually and collectively.
`
`BRIEF SUMMARY
`
`[0009] Embodiments of the present invention are directed
`to a system, apparatus, and method for using a contactless
`element (such as a contactless smart chip) as part of a pay-
`ment transaction. Specifically, embodiments of the present
`invention are directed to facilitating the update or synchroni—
`zation of transaction data and transaction records stored in a
`memory that is part of a payment device (such as a mobile
`phone), where the device includes a contactless element. The
`inventive system, apparatus and method can be implemented
`using a contactless smart chip and a wireless data transfer
`element (e.g., a near field communications (NFC) capability,
`etc.) embedded within a mobile wireless device. The mobile
`device may be a mobile phone, PDA, MP3 player orthe like.
`The smart chip or other type of contactless element can be
`integrated with the circuitry of the mobile device to permit
`data stored on the chip to be accessed and manipulated (e.g.,
`read, written, erased) using the wireless communications net—
`work as a data transport or command transport channel. In
`this way, transaction data provided by an Issuer may be pro—
`vided to the payment device in the absence ofcommunication
`between the payment device and a near field communications
`device reader or point of sale terminal.
`[0010] This permits the Issuer to update transaction data
`and/or synchronize data or records stored in the payment
`device with those maintained by the Issuer when the contact-
`less elcmcnt is not in the proximity of the device reader or
`terminal. This capability is particularly useful in the case of a
`prepaid balance being stored in the payment device, since
`without an accurate balance, a user may be prevented from
`completing a transaction that they should be entitled to com—
`plete. Similarly, a credit or debit account balance stored in the
`payment device may be updated to properly rellect the status
`of the account in a situation where the data stored after inter-
`action between the contactless element and reader or terminal
`was incorrect or incomplete.
`[001 1]
`In one embodiment, the present invention is directed
`to a mobile device for use in conducting a payment transac-
`tion. where the mobile device includes a processor, a memory,
`and a set of instructions stored in the memory, which when
`executed by the processor implement a method to conduct the
`payment transaction by commtmicating with a point of sale
`terminal using a near field communications mechanism ofthe
`mobile device, and receive data related to the payment trans-
`action at the mobile device using a cellular communications
`network, wherein the received data related to the payment
`transaction is an update to data stored in the mobile device as
`a result of communicating with the point of sale terminal.
`[0012]
`In another embodiment, the present invention is
`directed to a data processing device, where the data process-
`ing device includes a processor, a memory, and a set of
`
`instructions stored in the memory, which when executed by
`the processor implement a method to receive data for a pay—
`ment transaction from a point of sale terminal, wherein at
`lea st some ofthe data is provided to the point of sale terminal
`by a mobile device that communicates with the point of sale
`terminal using a near field communications mechanism, pro—
`cess the received data to generate a record of the transaction,
`wherein the record of the transaction includes an update to
`data stored in the mobile device as a result ofcommunicating
`with the point of sale terminal, and provide the record of the
`transaction to an element of a wireless commtuiications sys-
`tem, thereby causing the record of the transaction to be pro—
`vided to the mobile device over a wireless network.
`[0013]
`In yet another embodiment, the present invention is
`directed to a method of conducting a payment transaction,
`where the method includes communicating with a point of
`sale terminal using a near field communications mechanism
`of a payment device as part of the payment transaction,
`wherein the payment device includes a contactless element
`and is contained in a mobile phone, and receiving data to
`update a record of the payment transaction contained in the
`mobile phone using a cellular phone communications net—
`work.
`In yet another embodiment, the present invention is
`[0014]
`directed to an apparatus for facilitating payment transactions
`between a plurality of consumers and a plurality of mer-
`chants, whcre the apparatus includes a processor, a memory,
`and a set of instructions stored in the memory, which when
`executed by the processor implement a method to generate a
`first pair of encryption keys, the first pair of encryption keys
`including a first encryption key and a second encryption key,
`generate a second pair of encryption keys, the second pair of
`encryption keys including a first encryption key and a second
`encryption key, distribute the first pair ofencryption keys to a
`first mobile gateway, the first mobile gateway configured to
`process a first set of payment transactions, and distribute the
`second pair ofencryption keys to a second mobile gateway,
`the second mobile gateway configured to process a second set
`of payment transactions, wherein the first set of transactions
`is different from the second set of transactions.
`[0015] Other objects and advantages of the present inven—
`tion will be apparent to one of ordinary skill in the art upon
`review ofthe detailed description ofthe present invention and
`the included figures.
`
`BRIEF DESCRIPTION OF THE DRAWTNGS
`
`FIG. 1 is a block diagram illustrating a transaction
`[0016]
`processing system that may be used with some embodiments
`of the present invention;
`[0017]
`FIG. 2 is a functional block diagram illustrating the
`primary components of a system for updating or synchroniz-
`ing transaction data for a transaction that uses a contactless
`element contained within a mobile device, in accordance with
`an embodiment of the present invention;
`[0018]
`FIG. 3 is a functional block diagram illustrating the
`primary components of a mobile device, such as a mobile
`phone that may be used as part of the inventive system and
`method;
`FIG. 4 is a flow chart illustrating an embodiment of
`[0019]
`the inventive method or process for updating or synchroniz—
`ing transaction data for a transaction that uses a contactless
`element contained within a mobile device;
`[0020]
`FIGS. 5(a), 5(1)), and 5(0) are flow charts illustrating
`a process for distributing and using encryption keys to pro-
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 10 of 19
`
`PGR2022-00003
`Apple EX1009 Page 10
`
`

`

`US 2010/0211507 A1
`
`D.)
`
`Aug. 19, 2010
`
`vide secure transfer of payment transaction or other data
`between an Issuer and a mobile device, in accordance with an
`embodiment of the present invention; and
`[0021]
`FIG. 6 is a block diagram of an exemplary comput—
`ing apparatus that may be used to implement an embodiment
`of the inventive method or process for updating or synchro—
`nizing transaction data for a transaction that uses a contactless
`element contained within a mobile device.
`
`DETAILED DESCRIPTION
`
`
`
`[0022] Embodiments of the present invention are directed
`to a system, apparatus, and method for processing payment
`transactions that are conducted using a mobile device that
`includes a contactless element, such as an integrated circuit
`chip. The invention enables the updating, correction or syn—
`chronization oftransaction data maintained by an Issuer with
`that stored on the device. This is accomplished by using a
`wireless (cellular) network as a data communication channel
`for data provided by an Issuer to the mobile device, and is
`particularly advantageous in circumstances in which the con-
`tactless element is not presently capable of communication
`with a device reader or point of sale terminal that uses a near
`field communications mechanism. In some embodiments,
`data transferred between the mobile device and Issuer (i.e.,
`either from the device to the Issuer or from the Issuer to the
`device) may be encrypted and decrypted (e.g., using “keys”
`such, as public key infrastructure (PKI) keys or symmetric
`(eys) to provide additional security and protect the data from
`aeing accessed by other users or applications. If encryption
`(eys are used for the encryption and decryption processes,
`hey may be distributed by a key distribution server or other
`suitable entity to a mobile gateway which participates in the
`data encryption and decryption operations.
`[0023] The present invention is typically implemented in
`he context of a payment
`transaction;
`therefore prior to
`describing one or more embodiments of the invention in
`greater detail, a brief discussion of the entities involved in
`arocessing and authorizing a payment transaction, and their
`roles in the authorization process will be presented.
`[0024]
`FIG. 1 is a block diagram illustrating a transaction
`arocessing system that may be used with some embodiments
`of the present invention. Typically, an electronic payment
`ransaction is authorized if the consumer conducting the
`transaction is properly authenticated (i.e., their identity and
`heir valid use of a payment account is verified) and has
`sufficient funds or credit to conduct the transaction. Con-
`versely, ifthere are insufficient funds or credit in the consum—
`er’s account, or if the consumer’s payment device is on a
`negative list (e.g., it is indicated as possibly having been
`stolen), then an electronic payment transaction may not be
`authorized. In the following description, an “Acquirer” is
`typically a business entity (e.g.. a commercial bank) that has
`a business relationship with a particular merchant. An
`“Issuer" is typically a business entity (e.g., a bank) which
`issues a payment device such as a credit or debit card to a
`consumer. Some entities may perform both Issuer and
`Acquirer functions.
`[0025]
`FIG. 1 illustrates the primary functional elements
`that are typically involved in processing a payment transac—
`tion and in the authorization process for such a transaction. As
`shown in FIG. 1, in a typical payment transaction, a consumer
`wishing to purchase a good or service from a merchant uses a
`portable consumer payment device 20 to provide payment
`transaction data that may be used as part of an authorization
`
`process. Portable consumer payment device 20 may be a debit
`card, credit card, smart card, mobile device containing a
`contactless chip, or other suitable form of device.
`[0026] The portable consumer payment device is presented
`to a device reader or point of sale (POS) terminal 22 which is
`able to access data stored on or within the payment device.
`The account data (as well as any required consumer data) is
`communicated to the merchant 24 and ultimately to the mer-
`chant’s transaction/data processing system 26. As part of the
`authorization process performed by the merchant, merchant
`transaction processing system 26 may access merchant data-
`base 28, which typically stores data regarding the customer/
`consumer (as the result of a registration process with the
`merchant, for example), the consumer’s payment device, and
`the consumer’s transaction history with the merchant. Mer-
`chant transaction processing system 26 typically communi—
`cates with Acquirer 30 (which manages the merchant’s
`accounts) as part of the overall authorization process. Mer—
`chant transaction processing system 26 and/or Acquirer 30
`provide data to Payment Processing Network 34, which
`among other ftmetions, participates in the clearance and
`settlement processes that are part of the overall transaction
`processing. Communication and data transfer between Mer-
`chant transaction processing system 26 and Payment Process —
`ing Network 34 is typically by means ofan intermediary, such
`as Acquirer 30. As part of the transaction authorization pro—
`cess, Payment Processing Network 34 may access aceotmt
`database 36, which typically contains infonnation regarding
`the consumer’s aceotmt payment history, chargebaek or trans-
`action dispute history, credit worthiness, etc. Payment Pro—
`cessing Network 34 commimicates with Issuer 38 as part of
`the authorization process, where Issuer 38 is the entity that
`issued the payment device to the consumer and manages the
`consumer’s account. Customer or consumer account data is
`typically stored in customer/consumer database 40 which
`may be accessed by Issuer 38 as part of the authentication,
`authorization or account management processes. Note that
`instead of, or in addition to being stored in account database
`36, consumer account data may be included in, or otherwise
`part of customer/consumer database 40.
`[0027]
`In standard operation, an authorization request mes—
`sage is created during a consumer purchase of a good or
`service at a point of sale (POS) using a portable consumer
`payment device (such as a credit or debit card). In some
`embodiments, the portable consumer payment device may be
`a wireless phone that incorporates a contactless card or chip.
`The contactless card or chip may communicate with the point
`of sale terminal using a near field communications (NFC)
`capability. The authorization request message is typically
`sent from the device reader/POS terminal 22 through the
`merchant’s data processing system 26 to the merchant’s
`Acquirer 30, to a payment processing network 34, and then to
`an Issuer 38. An “authorization request message” can include
`a request for authorization to conduct an electronic payment
`transaction. It may include one or more of an account holder’s
`payment account number, currency code, sale amount, mer-
`chant transaction stamp, acceptor city, acceptor state/country,
`etc . An authorization request message may be protected using
`a secure encryption method (e.g., I28—bit SSL or equivalent)
`in order to prevent data from being compromised.
`[0028] After the Issuer receives the authorization request
`message, the Issuer determines if the transaction should be
`authorized and sends an authorization response message back
`to the payment processing network to indicate whether or not
`
`
`
`GOOG-1009
`Google LLC v. RFCyber Corp. / Page 11 of 19
`
`PGR2022-00003
`Apple EX1009 Page 11
`
`

`

`US 2010/0211507 A1
`
`Aug. 19, 2010
`
`
`
`he current transaction is authorized. The payment processing
`system then forwards the authorization response message to
`the Acquirer. The Acquirer then sends the response message
`0 the Merchant. The Merchant is thus made aware ofwhether
`the Issuer has authorized the transaction, and hence whether
`he transaction can be completed
`[0029] At a later time, a clearance and settlement process
`may be conducted by elements of the payment/transaction
`wrocessing system depicted in FIG. 1. A clearance process
`involves exchanging financial details between an Acquirer
`and an Issuer to facilitate posting a transaction to a consum—
`er’s account and reconciling the consumer’s settlement posi-
`ion. Clearance and settlement can occur simultaneously or as
`separate processes.
`[003 0]
`Payment Processing Network 34 may include data
`wrocessing subsystems. networks, and other means of imple—
`menting operations used to support and deliver authorization
`services, exception file services, and clearing and settlement
`services for payment transactions. An exemplary Payment
`Proces sing Network may include VisaNet. Payment Process—
`ing Networks such as VisaNet are able to process credit card
`transactions, debit card transactions, and other types of corn—
`mercial transactions. VisaNet, in particular, includes a VIP
`system (Vlsa Integrated Payments system) which processes
`authorization requests and a Base II system which performs
`transaction clearing and settlement services.
`[0031]
`Payment Processing Network 34 may include a
`server computer. A server computer is typically a powerful
`computer or cluster of computers. For example, the server
`computer can be a large mainframe, a minicomputer cluster,
`or a group of servers functioning as a unit. In one example, the
`server computer may be a database server coupled to a web
`server. Payment Processing Network 34 may use any suitable
`combination of wired or wireless networks, including the
`Internet, to pennit communication and data transfer between
`network elements. Among other functions, Payment Process—
`ing Network 34 may be responsible for ensuring that a user is
`authorized to conduct the transaction (via an authentication
`process), confirm the identity of a party to a transaction (e.g.,
`via receipt of a personal identification number), conlinn a
`sufficient balance or credit line to permit a purchase, or rec-
`oncile the amount ofa purchase with the user‘s account (via
`entering a record of the transaction amount, date, etc.).
`[003 2] Consumer payment device 20 may take one ofmany
`suitable forms. As mentioned, the portable consumer device
`can be a mobile device that incorporates a contactless element
`such as a chip for storing payment data (e.g., a BIN number,
`account number, etc.) and a near field communications (NFC)
`data transfer element such as an antenna. a light emitting
`diode, a laser, etc. The portable consumer device may also
`include a keychain device (such as the Spccdpas sTM commer-
`cially available from Exxon-Mobil Corp.), etc. The device
`containing the contactless card or chip, or other data storage
`element may be a cellular (mobile) phone, personal digital
`assistant (PDA), pager. transponder, or the like. The portable
`consumer device may also incorporate the ability to perform
`debit functions (e.g., a debit card), credit functions (e.g., a
`credit card), or stored value functions (e.g., a stored value or
`prepaid card).
`[0033]
`In embodiments of the invention that include a con-
`tactless element (which may include a contactless chip and
`near field communications data transfer element) embedded
`Within a wireless mobile phone or simila