`USOO9202330B2
`
`(12) United States Patent
`(10) Patent N0.:
`US 9,202,330 B2
`Boucher
`(45) Date of Patent:
`Dec. 1, 2015
`
`(54) PORTABLE OBJECT INCLUDING A DISPLAY
`AND APPLICATION FOR CARRYING OUT
`ELECTRONIC TRANSACTIONS
`
`Inventor: Daniel Boucher, Quebec (CA)
`(75)
`(73) Assignee: GEMALTO SA, Meudon (FR)
`( * ) Notice:
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 80 days.
`13/131,435
`Nov. 30, 2009
`PCT/EP2009/066034
`
`(21) App]. N0.:
`(22) PCT Filed:
`(86) PCT N0.:
`
`§ 371 (0)0),
`(2), (4) Date:
`
`Aug. 5, 2011
`
`(87) PCT Pub. N0.: W02010/061002
`PCT Pub. Date: Jun. 3, 2010
`
`(65)
`
`(30)
`
`Prior Publication Data
`US 2011/0284633 A1
`Nov. 24; 2011
`
`Foreign Application Priority Data
`
`Nov. 28, 2008
`
`(EP) ..................................... 08170309
`
`(51)
`
`Int. Cl.
`G06Q 20/40
`G06K 19/07
`
`(2012.01)
`(2006.01)
`(Continued)
`
`(52) US. Cl.
`CPC ............ G0 7F 7/1008 (2013.01); G06K 1 9/0 77
`(2013.01); G06K19/0718 (2013.01);
`(Continued)
`
`(58) Field of Classification Search
`CPC . G06K 7/0013; G06K 7/0021; G06K 7/0026;
`G06K 7/003; G06K 7/0047; G06K 7/0056;
`G06K 7/006; G06K 9/00006; G06K 19/0716;
`G06K 19/0718; G06K 19/07; G06K 19/07707;
`GOOK 19/07743; GOGQ 20/206; GOGQ 20/341;
`UO6Q 20/4012; UO6Q 20/4014; UO6Q
`20/40145
`
`USPC ......... 235/492, 379, 380, 486, 382, 441, 487,
`235/451; 705/35, 39, 41, 42, 44, 65, 67, 72,
`705/75,17,18;382/115,116,119,124;
`455/556], 557, 558, 559, 410,411,
`455/661, 41.1; 340/54, 541, 542, 5.51,
`340/552, 553, 554, 5.8, 581, 5.82, 5.83,
`340/584, 5.85; 7l3/l72, 1827186
`Sec application filc for complctc search history.
`
`(56)
`
`References Cited
`
`U.S, PATENT DOCUMENTS
`
`5,590,038 A * 12/1996 Pitroda ........................... 705/41
`5,802,325 A
`9/1998 Le Roux
`(Continued)
`
`FOREIGN PATENT DOCUMENTS
`
`EP
`EP
`WO
`
`0 649 547 B1
`0 980 053 A2
`WO 2008080879 Al *
`
`6/1997
`2/2000
`7/2008
`
`OTHER PUBLICATIONS
`
`International Search Report (PCT/ISA/210) issued on Mar. 31 . 2010,
`by European Patent OIIice as the International Searching Authority
`for International Application No. PCT/EP2009/066034.
`
`Primary Examiner 7 Michael G Lee
`Assistant Examiner 7 Suczu Ellis
`
`(74) Artur/lay, Agent, ur FirmiBuchanan Ingersoll &
`Rooney PC
`ABSTRACT
`(57)
`A smart portable object including a safety component and a
`display, wherein the display is directly or indirectly interac-
`tive between a user and the safety component. The smart
`portable object also relates to implementing an electronic
`transaction, including a display step for displaying all or some
`of the information that is useful to a user for the transaction
`and/or a step of interacting with the user, wherein the display
`and/or interaction step is carried out Via the interactive dis—
`play.
`
`18 Claims, 3 Drawing Sheets
`
`
`
`100
`
`200
`
`
`
`
`
`
`
`
`
`300
`
`400
`
`Google LLC v. RFCyber Corp. / Page 1 of 11
`
`6006-1017
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 1 of 11
`
`PGR2022-00003
`Apple EX1017 Page 1
`
`

`

`US 9,202,330 B2
`
`Page 2
`
`(51)
`
`1111.0.
`G07F 7/10
`G06Q 20/34
`006K 19/077
`006g 20/12
`G07F 7/08
`(52-) US Cl
`3'
`j,
`'
`(PL
`
`(2006.01)
`(201201)
`(2006-01)
`(2012.01)
`(2006.01)
`,
`G06K19/07703(2013~01); G06K19/07707
`(2013-01);006920/12(2013-01);G069
`20/341(2013.01); G06Q 20/4012 (2013.01);
`.
`G06Q20/40145(2013.01),G07(1;071/30%01¢;
`'
`References Cited
`
`(56)
`
`US. PATENT DOCUMENTS
`6,234,389 131*
`/2001 Valliani etal.
`6,257,487 131*
`7/2001 Hayashida ,
`6,512,840 B1*
`1/2003 Tognazzini
`
`235/380
`
`, 235/380
`, ................ 382/119
`
`4/2003 Shen ........................ . 235/380
`6,547,130 131*
`
`9/2003 Ehi'ensvai'd at al.
`235/380
`6,616,035 B2*
`7/2004 Liberman
`345/169
`6,760,014 B1*-
`
`7/2005 Kisliakov.
`235/492
`6915.957 32*
`10/2008 l’urk ,,,,,,,,
`455/5561
`7,440,771 132*
`
`9/2010 Kisliakov .
`. 235/492
`7,802,728 132*
`9/2014 Cotter et 211
`235/380
`8,820,638 B1*
`. 705/39
`6/2002 Oitiz .....
`2002/0077974 A1*
`
`.705/67
`2002/0178124 A1* 11/2002 Lcwis
`2002/0180584 A1* 12/2002 McGregoretal.
`.
`. 340/526
`2004/0235450 A1* 11/2004 Rosenberg .................... 455/406
`2006/0131393 A1
`67.006 Cok et a1.
`2007/0027804 A1
`22007 Vega
`2007/0158408 A1*
`7/2007 Wang etali
`,,,,,,,,,,,,,,,,,,, 235/380
`2008/0110977 A1*
`5/2008 Bonalle etal.
`235/380
`
`2008/0126260 A1“
`5/2008 Cox et a1.
`.....
`. 705/67
`
`2008/0223925 A1*
`9/2008 Saito et :11.
`235/380
`235/380
`2009/0173784 A1*
`7/2009 Yang ,,,,,
`
`.705/41
`2009/0307132 A1* 12/2009 Phillips
`7/2010 LoIacono
`235/375
`2010/0170942 A1*
`
`6/2011 Bonaetal.
`................ 340/583
`2011/0140841 A1*
`‘
`_
`* erred by examlner
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 2 of 11
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 2 of 11
`
`PGR2022-00003
`Apple EX1017 Page 2
`
`

`

`US. Patent
`
`Dec. 1, 2015
`
`Sheet 1 013
`
`US 9,202,330 132
`
`
`
` GOOG-1017
`
`Google LLC v. RFCyber Corp. / Page 3 of 11
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 3 of 11
`
`PGR2022-00003
`Apple EX1017 Page 3
`
`

`

`US. Patent
`
`Dec. 1, 2015
`
`Sheet 2 0f 3
`
`US 9,202,330 B2
`
`Wild
`
`Govcom
`
`mfififi
`
`:ummmmgm
`
`$3380
`
`Em,w
`
`7mGooG
`11fO4e9aPla.rOCrebV.CFRv.CLLb9OOG
`
`
`
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 4 of 11
`
`PGR2022-00003
`Apple EX1017 Page 4
`
`

`

`US. Patent
`
`Dec. 1, 2015
`
`Sheet 3 0f3
`
`US 9,202,330 132
`
`issuing
`bank
`
`NTERNET
`
`Payment
`
`gateway
`
`.
`.
`Recewmg
`bank
`
`
`
`.
`
`i
`
`II
`
`.
`
` WI
`
`1‘g
`
`I!
`i
`
`s’
`
`5!
`f!
`3'
`:
`
`1/“
`
`\
`~§\
`
`‘: serverof
`,/ "network of
`I!"
`merchant
`
`x
`
`merchant
`
`C
`Fig.0 3
`
`customer
`card
`
`Payment
`terminal
`
`
`
`Google LLC v. RFCyber Corp. / Page 5 of 11
`
`GOOG-1017
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 5 of 11
`
`PGR2022-00003
`Apple EX1017 Page 5
`
`

`

`US 9,202,330 B2
`
`1
`PORTABLE OBJECT INCLUDING A DISPLAY
`AND APPLICATION FOR CARRYING OUT
`ELECTRONIC TRANSACTIONS
`
`
`
`The invention concerns a portable object comprising a
`display, use thereof for implementing steps in an electronic
`transaction method and the associated system.
`In particular, the invention applies to the implementation of
`secure electronic transactions such as payments by means of
`a protected portable object such as a chip card, USB key, etc.
`The payments may 3e local by means ofpayment terminals or
`online on the Internet in relation to merchant sites and servers
`or a distant or local associated processing unit. The object is
`in the form of a chip card in a preferred embodiment.
`Although descri Jed in relation to an example financial
`transaction, the term transaction designates here any bidirec-
`tional exchange between the portable object and the process-
`ing unit, for exainp e a consultation ofa database or a secure
`personal base, access to shared files, downloading, access
`control, processing of data of the monetary type such as
`transfers of funds, etc.
`Such portable oojects are known among chip cards for
`displaying in particular transaction balances, the content of a
`memory or an OTP One Time Password) number. Such cards
`may be self—contained and have a battery and a button for
`actuating the generation of the OTP. Some cards contain a
`display of the OLED type for presenting alphanumeric infor-
`mation.
`Electronic labels for supermarkets or window displays are
`also known, comprising a display and an interface capable of
`receiving in particular price and updating information by
`radio-frequency communication with a central data loading
`unit.
`Communicating portable equipment is also known such as
`personal assistant devices and telephones (PDA Phones)
`comprising sensitive displays, such as iPhones from the
`Apple company.
`Bank terminals are also known reading chip cards and
`those with a magnetic strip, capable of performing an elec-
`tronic transaction. Such terminals are liable to have Trojan
`horses and do not have sufficient guarantee and safety for a
`user.
`
`To protect transactions, recourse is had to online transac-
`tions in accordance with the EMV standard (e.g. Mastercard
`EMV—CAP). Currently there exist three domain authentica-
`tion models (3—D protected by Visa, secureCode by Master—
`card, or J/secure by JCB International).
`However, online transactions are more complex than trans—
`actions in shops since it is necessary to enter more data.
`The object of the invention is to solve the aforementioned
`drawbacks.
`The present invention proposes in principle a portable
`object the structure ofwhich makes such frauds more difficult
`in transactions with payment terminals, as well as a novel
`transaction scheme using this portable object.
`According to the invention, the portable object comprises
`an interactive screen able to display at least some of the data
`useful to the transaction. Thus the data entered by the user can
`be sent directly from the trustworthy portable object to a
`trustworthy processing unit, in particular to a body issuing the
`object or accrediting it. Likewise, the data sent from the
`trustworthy processing unit can be received directly by the
`portable object and presented with confidence under the corr-
`trol of the object.
`To this end, the invention concerns an intelligent portable
`object comprising a security component and an interactive
`display; it is characterised in that it is able to perform inter-
`
`q
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`4O
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`active transactions with a distant unit such as a bank, through
`the interactive display and under the direct or indirect control
`of a security component.
`The data typed by the user on the screen are received and
`decoded by a secure graphical controller and/or a chip com-
`prising a secure controller and/or using security operations.
`Thus the interactive display, for example touch sensitive,
`makes it possible to perform the transaction directly between
`the chip card and a processing unit, making fraudulent attacks
`more difficult and thus improving security. Where applicable,
`a secure connnunieation protocol, in particular enciphered,
`can be shared between the processor of the object and the
`processing unit.
`The user can thus dialogue with his portable object in
`complete confidence directly. The object has the advantage of
`dispensing with a keypad or other man/machine interface and
`offers a larger useful display surface or makes it possible to
`make the object smaller, for example to the Mini UICC or
`Mini SIM format while incorporating a man/machine inter—
`face MMI.
`In the case of a card, the use of a reader of the transparent
`type of the applicant, illustrated in the figures, or a radio-
`frequency reader not covering the card or the object, makes
`the surface of the object where the interactive screen is situ-
`ated visible and accessible.
`Interactivity can be obtained for example by pressure or
`other sensors, capacitive, resistive ormagnetic, placedbehind
`or combined with a flexible screen.
`According to other features, the portable object comprises,
`alone or combined:
`an interface for communication with a terminal, this being
`able to be an interface of any nature, contact or radio
`frequency, or even for example simple electrical comiec-
`tors for a cormection of the ohmic type with a terminal
`Port;
`communication means able to establish communication
`with a distant processing unit and/or to display infonna—
`tion coming from the distant processing unit;
`the portable object is able to make data entered on the
`screen transit to a distant unit;
`it is able to interact directly via the screen with a user;
`it comprises a program or protocol for displaying data of a
`transaction coming from the distant unit for approval
`and/or checking by interaction on a zone displayed on
`the screen;
`it comprises a program or protocol for displaying at least
`one payment mode and transmitting a mode selected by
`interaction on a zone displayed on the screen;
`it comprises a program for displaying at least one interac-
`tive keypad for entering a PIN code and transmitting the
`selected PIN code forverification by interaction with the
`zones displayed on the screen;
`it comprises a program capable of displaying at least one
`writing zone and transmitting, for verification, param-
`eters for entering the writing by interaction with the
`screen.
`
`Another subject of the invention is a method (and corre—
`sponding system) for performing an electronic transaction
`comprising an exchange of data between a distant processing
`unit and a portable object, the unit being connected to the
`portable object, said method using:
`a display step for presenting all or some ofthe information
`useful to the transaction to a user,
`and/or a step of interaction with the user, characterised in
`that the portable object used is in accordance with one of
`
`6006-1017
`Google LLC v. RFCyber Corp. / Page 6 of 11
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 6 of 11
`
`PGR2022-00003
`Apple EX1017 Page 6
`
`

`

`US 9,202,330 B2
`
`3
`the preceding claims and in that the display step and/or
`the interaction are performed via said interactive dis-
`play.
`The system comprises a card reader that is arranged with
`respect to the card so as to leave the interactive display usable
`(accessible) and Visible to the user once placed in the corn-
`munication position in the reader.
`By virtue of the invention,
`the bank terminals can be
`replaced by any conventional card reader since the transac-
`tion takes place directly between the chip card and the bank—
`ing organisation issuing the card. If necessary the reader can
`be a simple connector without electronics or without imple—
`menting a software interface.
`It also allows convergence of all payment systems via
`internet whether the purchases/transactions be performed in a
`shop or online via the internet once the merchant has obtained
`the identification data of his financial institution or secure
`payment gateway. In addition, the method based on a trans-
`action model based on the internet avoids any telephone com-
`munication costs.
`By virtue of the card reader c01mectcd to the computer, the
`user can now have the same online transaction experience as
`if he were making a local transaction in the shop without
`needing to enter his card number or other information
`required by current online merchants.
`An important advantage of the invention is that the identity
`of the purchaser and the payment method are known solely to
`the user and the issuing bank. The only information known to
`the payment gateway and the merchant are the issuing bank
`and confirmation of the amount of the transaction.
`The cu stomer can use one or more payment methods in the
`same transaction in the case in particular where an account is
`insufficiently provisioned.
`Other particularities and advantages of the invention will
`emerge from a reading of the description given by way of
`non—limitative example and with regard to the accompanying
`drawings, in which:
`FIG. 1 illustrates schematically the structure of a portable
`object in accordance with the invention;
`FIG. 2 illustrates schematically a use ofthe object accord-
`ing to the invention using a comrector/reader;
`FIG. 3 illustrates schematically the network of the mer-
`chant site for using the invention according to one embodi-
`ment.
`
`the portable object used for describing an
`In FIG. 1,
`example embodiment is a chip card 1 in particular to the ISO
`7816 format; however, it could be any intelligent portable
`object with a microcircuit such as a USB key or card to other
`PCMCIA or MMC formats. The microcircuit preferably has
`security functions particular to chip cards (physical and/or
`logic protections, for example enciphering key, anti-intrusion
`means, authentication, production of certificate, generation
`of random data, scrambling of data, etc); it is housed here in
`a module with electrical contacts 2 but could have other
`communication interfaces or functions such as a contactless
`function, in particular radio frequency RFID in accordance
`with ISO 14443. The portable object is in principle intended
`to communicate with a communication terminal directly or
`by means of an associated connector and/or reader. The
`microcircuit may be in a card comrected to an object or
`soldered to an electronic circuit of the object.
`
`Since the electronic paper or OLED layer could be trans-
`lucent, in particular when there is no current, layers 4 and/or
`5 or 10 could comprise security elements such as logos,
`graphics and holograms printed Lmder these layers in a con-
`ventional manner in order to increase security of the card or
`object. These security elements can be achieved by other
`
`10
`
`15
`
`30
`
`35
`
`4O
`
`45
`
`50
`
`55
`
`60
`
`65
`
`
`
`
`
`4
`means such as personalisation laser. Thus the card can com—
`prise, on a face or visible by transparency of the layers, all the
`necessaw conventional graphical protection elements.
`In a variant embodiment, the object can function in iride-
`pendent mode by itself without conmrunicating with the ter-
`minal; in particular, it can be made to fulfil functions of
`consultations of an internal memory, or generation of an OTT’
`number, other entry or backup functions, or as a calculator.
`In the case of a USB key, the key can be fitted in a com-
`munication terminal, PC, PDA, portable telephone etc port. In
`the example, the card is c01mected to the terminal by means of
`an ISO card reader.
`The chip card format is preferred in particular for reasons
`of security and portability of the card and other possible
`parallel uses: prepaid or loyalty card, etc.
`The object comprises or is connected to a display (screen),
`preferably graphical, but could simply be ofthe alphanumeric
`type,
`According to one feature of the invention, the display is
`interactive. The interactivity ofthe screen can be obtained for
`example by pressure or other sensors, capacitive, resistive or
`magnetic, placed behind or combined with the screen, pref—
`era 31y flexible.
`In the example, use is preferably made of a display sensi—
`tive to the touch of a finger or other associated utensil, stylus
`or pen.
`The display comprises in the example a display layer 4 of
`the electronic paper (OLED) type combined with a sensitive
`or touch layer 5.
`The display preferably extends over a surface of around 1/3
`or 1/2 of the surface of the card on a surface portion and
`comprises a distant zone of the module to allow visibility of
`the card when it is inserted in the connector.
`Advantageously the comrector C/L associated with the
`card is arranged structurally so as to allow interaction of the
`user with the interactive display. Here the reader comprises
`amrs 11, 12 scalloped in a “V” (FIG. 2). The display is
`therefore not covered by the coimector casing. The reader is
`also arranged with respect to the card so as to leave the
`interactive display of the card accessible and visible to the
`user once placed in the communication position in the reader.
`However, the display could cover almost all or all of this
`surface. Any connector with electrical contacts can be located
`preferably on the same side as the display but could be placed
`on the opposite face in order to gain surface area.
`The object is able to interact directly via the screen with a
`user.
`
`
`
`The two layers are connected respectively in a known
`manner to electronic means or microcircuits 2 able to fulfil
`functions of presentation of information to a user and to
`interactively receive interactions of the user, in particular by
`pressing on the touch layer 5.
`The electronic means comprise in the example a first stan-
`dard chip card microcontroller 6 connected to at least a sec-
`ond microcontroller 7 of the sensitive screen and/or of the
`graphical screen by a connection 1/02 to the second serial port
`of the microcontroller of the chip card, the first port being
`used for communication via the contacts, in particular ISO
`7812—2). The second microcontroller 7 controls respectively
`the two layers by means of an address decoder or interface 8,
`9.
`
`Physically. it is possible to have one chip per microcontrol-
`ler, connected together to one another and housed together in
`a chip card module. Where applicable, all the functions
`described above can be integrated in a single component or
`distributed through several components positioned and
`embedded in the plastic body 10 of the chip card in accor-
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 7 of 11
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 7 of 11
`
`PGR2022-00003
`Apple EX1017 Page 7
`
`

`

`US 9,202,330 B2
`
`10
`
`15
`
`30
`
`35
`
`4O
`
`5
`dance with a multi—component chip card technology in which
`the components are coimected by electrical tracks imple-
`mented on a flexible substrate, in particular by etching or
`screen printing or inkjet, etc.
`Preferably interaction with the user takes place directly or
`indirectly between the screen and a security component In
`the example, the data goes to the security component 6 via the
`graphical and/or touch controller 7, which can also be pro-
`tected.
`The data goes directly into a security component or pass
`where applicable through a component preferably also pro—
`tected. There may exist a mutual or reciprocal authentication
`procedure between the two components in order to avoid for
`example chip substitution.
`In a variant embodiment, the card may be a card of the
`PCMCIA or other type and comprise a shared memory
`directly accessible to a host processing unit and to a micro-
`controller of the card. The data to be exchanged with the host
`and then a distant unit pa ss through this memory. Functioning
`such as that of the input/output communication device
`
`described in patent 3P 0 649 547 can be adopted in order to
`implement the invention, wherein the display and screen can
`be considered to be an input/output interface.
`The selections on the screen are perceived and decoded or
`interpreted by the microcontroller 7. For example, a PIN code '
`typed optionally in accordance with a logic known to the user
`and shared by the microcontroller 7 is deduced by the micro-
`controller. The microcontroller 7 optionally transposes the
`signals perceived into data representing the PIN code.
`These data are next compared either in the same secure
`component or transmitted to another secure component 6 for
`comparison or transmission to an external device (bank
`server) for comparison with a pre-recorded PIN code.
`The data representing the PIN code are communicated to
`the component 7, where applicable using a security mecha—
`nism (enciphering, etc).
`For functioning thereofthe portable object comprises func—
`tions and/or means described below in a cumulative or iso-
`lated manner.
`According to another feature, the portable object com-
`prises communication means able to establish communica-
`tion with a distant processing unit and/or to display informa-
`tion coming from the distant processing unit. The card
`comprises in particular means for establishing a communica-
`tion on the intemet directly or indirectly via the terminal. In
`the example, the intemet IP protocol is integrated therein and
`direct communication is available on the intemet by means of
`the terminal, the latter becoming transparent or acting as a
`modem by implementing just the physical communication
`interface between the network and the card.
`According to one feature, the card is able to make the data
`entered on the screen transit to the distant unit. In particular,
`the data entered are interpreted and/or decoded by the second
`controller with its decoder and transmitted to the first control-
`ler in order to be conveyed over the internet to a distant unit,
`which may be a server of a merchant site. An interpretation
`program P2 and a transfer program P3 for the entered data are
`present
`in the second microcontroller 7 or distributed
`between the two 7, 8.
`According to other features, the card comprises a program
`or protocol P4 for displaying data of a transaction coming
`from the distant unit for approval and/or checking by inter-
`action on a zone displayed on the screen.
`According to other features, the card comprises a program
`or protocol P5 for displaying at least one payment method and
`transmitting a method selected by interaction on a zone dis-
`played on the screen,
`
`45
`
`5O
`
`55
`
`60
`
`65
`
`6
`It comprises a PIN program P6 for displaying at least one
`interactive keypad for entering a PIN code and transmitting
`for verification the PIN code selected by interaction with the
`zones displayed on the screen.
`The verification can be made preferably by an official
`distant server (bank, etc) but may take place in the card in a
`more conventional manner. In the latter case, the terminal
`receives the response from the card or a certificate for per-
`forming the transaction. Preferably, the card validates the PIN
`itself for pre—validation before transmitting to the bank. It
`should be noted that software for processing a change of PIN
`with synchronisation with the bank can also be envisaged as
`an option.
`The card comprises a program P7 for biometric entry such
`as handwriting or a signature. The signature can be done on
`the touch screen with a pen. In particular, the program is able
`to display at least one writing zone on the screen and to
`transmit for verification writing entry parameters by interac-
`tion with the screen. The card can also for this purpose com—
`prise means of analysing and diagnosing entered data, for
`example a comparison or calculation of the dynamics of the
`signature. Where applicable, a biometric and/or fingerprint
`sensor can be associated with the surface ofthe card or along-
`side the touch screen; these data may supplement a PIN code
`entry or constitute the data to be verified for the transaction.
`The card can comprise a program for static recognition of a
`signature and/or dynamic writing of a signature on a sensitive
`screen.
`
`Use of the object according to the invention is now
`described in relation to FIG. 2, which illustrates the method
`and/or system for perfomiing an electronic transaction com-
`prising an exchange of data between a distant processing unit
`connected to a portable object,
`The method uses a display step for presenting all or some of
`the inforrnationuseful to the transaction to a user and’or a step
`of interaction and/or validation of the user. Although it is
`preferable to perform these operations by means of the inter—
`active display ofthe invention, the invention makes it possible
`to use this interactive display for performing all or part of at
`least the display step and at least that ofthe secure interaction.
`Thus, for example, confirmation of the amount and/or selec-
`tion of the method could always be performed on a keypad
`other than that of the card. The various steps and interactions
`could be distributed between the card and the system (PC
`screen, PC keyboard or keypad of the display of the POS
`terminal).
`In order to make a transaction on the internet, the user
`connects to a communication network such as the intemet
`with his PC computer and selects on a merchant site a product
`or service to be purchased. The PC comprises a chip card
`interface implemented here by a cormector or reader C/L. The
`connector can be comiected also by a USB cable to the PC and
`the communication and USB function can be implemented
`either by the card itself or by an ISO/I ISB adaptation function
`of the reader.
`During the transaction or before, the user introduces his
`card into an adapted comiector connected to the terminal and
`the data and operations necessary to the transaction are then
`performed between the card and the network. The user can be
`invited to introduce his card by a message sent or conveyed
`from the merchant site and displayed on the screen of the PC
`as if it were in particular a supemiarket till.
`The user introduces his card, which is then detected by the
`PC, and communication can be switched directly between the
`card and the network via the terminal connections. In the
`
`6006-1017
`Google LLC v. RFCyber Corp. / Page 8 of 11
`
`GOOG-1017
`Google LLC v. RFCyber Corp. / Page 8 of 11
`
`PGR2022-00003
`Apple EX1017 Page 8
`
`

`

`US 9,202,330 B2
`
`7
`contrary case, communication can be made via the PC as a
`logic and physical interface that relays the communications to
`the card.
`The payment gateway has previously made a request to the
`bank ofthe customer, which next establishes communication
`with the card in order to perform a secure transaction as ifthe
`card were in a portable payment reader POS.
`This is then a secure communication C5, the establishment
`of which is described subsequently, between the card and the
`issuing bank of the customer.
`Next payment itself is made in the following maimer:
`At step 100, the merchant site having communicated to the
`bank (in particular through a request for payment to a
`payment gateway 16 explained below) the data of the
`transaction to the card, for example an amount of
`$12.50, the bank displays the amount ofthis information
`by means of a display command intended for the card
`and including the amount to be displayed as data linked
`to the order.
`The questions “continue” and two replies “yes”, “no”
`within or facing two distinct interactive windows of the sen-
`sitive display are also displayed either at the initiative of the
`bank by means of a command equivalent to the previous one
`or at the initiative ofthe card, which comprises a program able
`to display these questions triggered by the reception of the
`preceding command.
`At step 200, the user having selected “yes”. a correspond-
`ing signal is picked up by the card controller and returned to
`the bank.
`The bank then causes to be displayed or conveyed to the
`card a menu for selecting the payment method comprising for
`example: by electronic purse, debit card, credit card or loyalty
`
`points credit carc. These options are displayed in interactive
`
`
`
`zones respective y 41, *2, E3, E4 of the interactive layer
`opposite the display.
`Altematively, the initiative may come from the card, which
`in advance com arises a list of the payment possibilities
`offered to the user and triggers itself by means of a suitable
`application program executed by the microcontroller of the
`card in response 0 the selection of the reply “yes”.
`Once selected, the loyalty points zone is detected by the
`merchant site, VV’liCh returns a PIN code entry keypad with
`interactive keys, The keypad is preferably scrambled or enci-
`phered and deciphered in the card.
`Altcmatively, he initiative for the display of a PIN code
`may come from tie card by means of a program that displays
`a PIN code, optionally modified at each display in accordance
`with a sequence known to the user. The display is triggered in
`response to the previous selection of the payment method
`captured by the card.
`Stars are displayed on the screen each time the number is
`entered and a validation on “OK” triggers the sending of the
`PIN code over the network to the bank, this preferably being
`performed in enciphered form by means of enciphering keys
`previously loaded or generated and algorithms for encipher-
`ing and/or verifying the card certificate.
`Altcmatively, the card itself receives the PIN code and
`checks it itself, and then communicates a positive result ofthe
`check preferably in enciphered form to the bank or with an
`associated certificate.
`At step 400, the bank of the customer has checked the PIN
`received, which it has, where applicable, previously deci-
`phered and displays information indicating the success ofthe
`transaction destined for the card also in the form of a display
`command, and the bank then proceeds with the payment.
`Alternatively, the card has checked the PIN code internally
`and communicates, preferably in enciphered form, the posi-
`
`
`
`q
`
`10
`
`15
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
`tive result of the comparison of the PIN code typed to the
`bank, which locally deciphers and proceeds with payment.
`Next, payment confirmation messages take place between
`the bank and the payment gateway (see connection C6, C7),
`which informs the merchant server of this, and a transfer of
`funds and finalisation of the transaction takes place from the
`bank of the customer to that of the merchant.
`FIG. 3 illustrates schematically the network of the iner-
`chant site for using the invention in accordance with one
`embodiment.
`By simplification, the payment gateway also acts as a cer—
`tification authority.
`For online transactions, the payment terminal may be a PC
`connected via an internet connection.
`In the case ofreimbursement, the server ofthe issuing bank
`and the server of the debiting bank are switched.
`The system of the invention comprises the PC terminal
`connected to the card in order to connect to a distant process-
`ing unit 15, 16 such as a merchant server 15 via any network
`such as WiFi, Ethernet, internet 15, 17 and/or an issuing bank
`ofthe user 17. These units 15, 17 are able to use a communi-
`cation protocol and/or set of commands with the portable
`object allowing the display and/or recovery of the data
`entered on the screen directly and/or after processing and/or
`checking by the portable object.
`The merchant server 15 is in communication relationship
`with a receiving bank 18 on the one hand and a payment
`gateway 16 on the other hand. The payment gateway 16 is in
`relationship with the bank ofthe customer 17 and the ban