(12) United States Patent
     Zhou

(10) Patent No.: US 7,458,510 B1
(45) Date of Patent: Dec. 2, 2008

US007458510B1

(54) AUTHENTICATION OF AUTOMATED VENDING MACHINES BY WIRELESS COMMUNICATIONS DEVICES

(75) Inventor: Tong Zhou, Overland Park, KS (US)
(73) Assignee: Sprint Spectrum L.P., Overland Park, KS (US)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 642 days.
(21) Appl. No.: 11/110,096
(22) Filed: Apr. 19, 2005
(51) Int. Cl.: G06K 7/08 (2006.01)
(52) U.S. Cl.: 235/381; 235/379; 713/168; 713/170
(58) Field of Classification Search: 235/380, 235/381, 379
     See application file for complete search history.

(56) References Cited

U.S. PATENT DOCUMENTS

5,698,836 A         12/1997   Fujioka             235/492
6,116,505 A *        9/2000   Withrow             235/381
6,198,361 B1         3/2001   Arisawa             332/115
6,223,291 B1         4/2001   Puhl et al.         726/28
6,345,762 B1 *       2/2002   Mori                235/381
6,446,049 B1 *       9/2002   Janning et al.      705/40
6,463,534 B1 *      10/2002   Geiger et al.       713/168
6,749,117 B2         6/2004   Nakabe et al.       235/435
7,200,362 B2 *       4/2007   Muratsu             455/41.2
2002/0073027 A1 *    6/2002   Hui et al.          705/40
2002/0138761 A1 *    9/2002   Kanemaki et al.     713/201
2002/0174336 A1 *   11/2002   Sakakibara et al.   713/172
2003/0236872 A1     12/2003   Atkinson            709/223
2004/0122685 A1      6/2004   Bunce               705/1
2004/0128249 A1 *    7/2004   Hoffman             705/44
2005/0107076 A1 *    5/2005   Tsuda et al.        455/419
2007/0124211 A1 *    5/2007   Smith               705/21

FOREIGN PATENT DOCUMENTS

GB   2383176         6/2003
JP   113252069       9/1999
JP   2002150386 A    5/2002
JP   200438843       2/2004
JP   200494550       3/2004

OTHER PUBLICATIONS

Euro Smart, European Smart Card Industry Association, Smart Card Presentation, (Mar. 28, 2005).
NTT Information Sharing Platform Laboratories, "High-Speed Public-Key based Electronic Cash Using Contactless IC Cards Presentation," (Mar. 2001).

* cited by examiner

Primary Examiner: Uyen-Chau N Le

(57) ABSTRACT

A wireless device includes a contactless communications facility such as a contactless Integrated Circuit (IC) card to [text illegible in source] device obtains credential information from the vending machine and authenticates the vending machine prior to consummation of the transaction. This authentication prevents the users of the wireless devices from transmitting sensitive information (such as credit card data) to the vending machine when the vending machine is in fact a rogue vending machine; i.e., one that purports to vend legitimate products or services but rather is surreptitiously configured to steal sensitive financial information from unsuspecting users.

12 Claims, 4 Drawing Sheets

[Front-page drawing not reproduced; surviving label: VENDING MACHINE AUTHEN. SERVER]

CSC ServiceWorks - Ex. 1004
Page 1 of 10

[Sheet 1 of 4, Fig. 1: drawing not reproduced; surviving label: VENDING MACHINE AUTHEN. SERVER]

[Sheet 2 of 4, Fig. 2: drawing not reproduced; surviving labels: CONTACTLESS IC CARD 14, CONTACTLESS INTERFACE, 50, CELL PHONE TX/RX CIRCUITRY 70, 30, 72, 74, 76]

Sheet 3 of 4, Fig. 3 (flow chart):
100  LAUNCH VENDING APPLICATION ON MS PROCESSOR
102  VENDING MACHINE SCANNER/READER AUTHENTICATES IC
104  IC AUTHENTICATES VENDING MACHINE SCANNER/READER
106  CONDUCT VENDING MACHINE TRANSACTION

Sheet 4 of 4, Fig. 4 (flow chart, detail of step 104):
110  IC SENDS CHALLENGE TO SCANNER/READER
112  SCANNER SENDS RESPONSE BACK SIGNED BY PRIVATE KEY OF SCANNER AND SCANNER'S DIGITAL CERTIFICATE
114  DEVICE 10 USES WIRELESS NETWORK TO VALIDATE SCANNER'S RESPONSE
116  VM AUTH. SERVER 46 ON NETWORK VALIDATES CREDENTIALS, SENDS OK TO WIRELESS DEVICE 10
118  IC CARD AUTHENTICATES SCANNER
120  PASS OK TO VENDING APPLICATION

AUTHENTICATION OF AUTOMATED VENDING MACHINES BY WIRELESS COMMUNICATIONS DEVICES

BACKGROUND

This invention relates generally to the field of methods and devices for conducting transactions with automated vending machines, kiosks, and the like, and more particularly to a method of authenticating a vending machine prior to consummation of the transaction.

It is known in the art to provide automated vending machines that vend various goods, such as foodstuffs and other consumer items such as phone cards, travelers checks, as well as services, such as for example flight insurance, cash, etc. This disclosure uses the general term "vending machine" to mean any automated machine that provides any good or service to a customer in exchange for money, and is intended to cover conventional vending machines, automated kiosks, automated teller machines, and the like.

The art has proposed using contactless communications devices such as contactless Integrated Circuit (IC) cards and Radio Frequency Identification Devices (RFIDs) as a means for communication with a vending machine and exchanging payment information. Such devices can be embedded in other devices, such as wireless communications devices such as cellular telephones and personal digital assistants. See for example Atkinson, published US patent application 2003/0236872. Other references of interest include Japanese patent documents JP 2004-94550; JP 2004-38843, and JP 11-3252069. Mackay's British patent application GB 2,383,176 describes a method of operation of a vending machine using a cellular phone.

Contactless IC cards are described in the patent and technical literature, see for example U.S. Pat. Nos. 6,784,730; 6,749,117; 6,198,361 and 5,698,836. Basically, such devices are based on a smart card integrated circuit which communicates with a remote scanner/reader over a radiofrequency interface (ISO 14443-X Standard). The cards must be in relatively close proximity (typically less than one foot) to the scanner/reader in order for communication to happen, as the reader supplies a low impedance electromagnetic field to generate a power supply for the integrated circuit and to support clock and data exchange over the RF interface. The reader performs a basic authentication process by which the card is authenticated, using either a symmetrical or asymmetrical authentication process. See e.g. JP 2004-38843.

Contactless IC cards and the like have been suggested for various functions, such as car parking tickets, public transportation fare tickets, toll booth collection, library cards, pay phones, and various other retail and school applications.

When contactless IC cards are used for purchasing products or services from a vending machine, the cards are used to convey sensitive financial information, typically including a credit card number, expiration date and card holder name. If the vending machine is a trustworthy machine, there is generally no problem and the transaction may proceed without any problems.

However, the present inventor has appreciated that an automated vending machine can be a rogue machine and used to steal personal identification or credit card information. For example, if the machine looks like a real vending machine and functions to vend products, it may nevertheless be operated by an illegal enterprise that uses the vending machine transactions to obtain confidential financial information and subsequently use the information for illegal, unauthorized purposes. Hence, there is a need in the art for a vending machine and associated method by which the vending machine itself is authenticated prior to consummation of a vending machine transaction, e.g. prior to the transmission of financial information from the IC card to the vending machine. If the vending machine is not authentic (as determined by the authentication process), the user of the IC card can be notified and the vending process may be safely aborted. The present invention meets that need. The known prior art does not suggest performing an authentication process in which an IC card or other communication device performs an authentication of a vending machine.

SUMMARY

In a first aspect, a method is described for conducting a transaction between a wireless communication device, such as a cell phone, personal digital assistant, pocket personal computer, and the like, and a vending machine. Again, the term "vending machine" is intended to be interpreted to cover generally any automated machine for vending or providing goods or services to a consumer in exchange for payment, including ATMs, automated kiosks, conventional vending machines, etc.

The wireless communication device includes a first contactless communications means (e.g., RFID transponder or contactless IC card). The first contactless communication means communicates with a corresponding second contactless communication means (e.g., RFID transponder or contactless IC reader/scanner) that is included in the vending machine.

The method includes a step a) of performing an authentication of the vending machine using the contactless communications means of the wireless communications device and the vending machine. This step may include steps of exchanging challenge and response messages, wherein the contactless communications means in the vending machine provides a private key signature and a digital certificate. The authentication step further uses communications between the wireless communications device and a vending machine authentication server, via a radio access network connecting the wireless communication device and the vending machine authentication server. For example, the private key signature, challenge and digital certificate of the vending machine wireless communications means may be forwarded from the wireless communications device over a CDMA radio access network to a vending machine authentication server on the wireless service provider enterprise network, and the server provides an authentication response (e.g., authenticated or not authenticated) back to the wireless device using the radio access network.

The method further continues with a step b) of completing the transaction including the exchange of payment information if the authentication in step a) is successful.

In one embodiment, the first contactless communications means in the wireless communications device comprises a contactless IC card incorporated into the wireless communications device and wherein the second contactless communication means comprises a contactless IC card reader/scanner module.

In this embodiment, the authentication process of step a) may comprise the steps of: a) sending a challenge message from the IC card to the scanner module; b) the scanner responding to the challenge with a private key signature and a digital certificate; c) the wireless communications device forwarding the private key signature, challenge, and digital certificate over the radio access network to the vending machine authentication server; d) the vending machine authentication server performing a validation of the private key signature and digital certificate and sending a response to the wireless communications device over the radio access network; and e) forwarding the response from the vending machine authentication server to the IC card, wherein the IC card authenticates the scanner based on the response.

In another possible embodiment, the first and second communications means comprise RFID transponders. Still other communications means may be used for communication between the wireless communication device and the vending machine, e.g., devices compliant with the 802.11, WiFi, or Bluetooth standards. Other standards, now known or later developed, may also be used, the details of this communication being not particularly important.

In another aspect, an improvement to a wireless communications device is provided. The wireless device includes a contactless means for communication with a vending machine. The improvement comprises providing in the wireless communications device a memory storing a set of instructions for execution in the wireless communications device wherein the wireless device executes an authentication process with a vending machine authentication server connected to a radio access network to authenticate the vending machine.

In still another aspect, an improvement is provided to a wireless service provider having a network having one or more servers providing services for wireless devices subscribing to the wireless service provider. The improvement comprises providing a vending machine authentication server in communication with the network, wherein the server performs an authentication of vending machines in response to vending machine authentication messages received from the subscriber wireless devices.

In a preferred embodiment, the vending machine authentication server includes a memory storing machine readable instructions for comparing a private key signature and a digital certificate from a vending machine with entries in a database and responsively determining whether the vending machine is authentic.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic view of a wireless communications device that is used to conduct a transaction with a vending machine, and further illustrating a radio access network and vending machine authentication server which authenticates the vending machine for the wireless device.

FIG. 2 is a simplified block diagram showing the wireless communications device of FIG. 1.

FIG. 3 is a flow chart showing a process for conducting a transaction between the wireless communications device and vending machine of FIG. 1.

FIG. 4 is a flow chart showing the step of authentication of the vending machine in further detail in accordance with one possible embodiment of the invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENT

Overview

FIG. 1 is a schematic view of a wireless communications device 10 that is used to conduct a transaction with a vending machine 12. The wireless communications device 10 includes a first contactless communications means 14 for communication with a corresponding second contactless communication means 16 included in the vending machine 12. The first contactless means 14 may take the form of a contactless IC card, RFID transponder, a transmitter/receiver in accordance with WiFi, Bluetooth, 802.11 or other standard, or other device either now known or later developed, the details of which are not particularly important. The second contactless communications means 16 is compatible with the contactless communications means 14 in the wireless communications device 10, and may take the form of a contactless IC scanner/reader (referred to herein interchangeably as "scanner" or "scanner module"), RFID transponder, etc.

The wireless communications device 10 may take the form of a cellular telephone, personal digital assistant, pocket PC, or other device. The wireless communication device 10 is capable of two types of wireless communications: 1) communications over an air interface 24 with the vending machine communications means 16 using the contactless communication device 14, and 2) communications over an air interface 34 with a vending machine authentication server 46 via a radio access network 36, which may in the illustrated example take the form of a conventional CDMA cellular telephone network.

Still referring to FIG. 1, the vending machine 12 includes a central control unit 18 which is shown connected via a local or wide area network 20 to a vending machine server 22. The vending machine server 22 is configured with software and interfaces to perform any of a variety of functions, including logging or facilitating transactions with the vending machine 12, authentication of devices (such as phone 10) engaging in transactions with the vending machine 12, etc.

The wireless device 10 in the illustrated, representative embodiment includes conventional cellular telephone transmission and receive circuitry connected to a cellular telephone antenna 30. The antenna 30 communicates with a CDMA base transceiver station antenna 32. The radio access network 36 includes the antenna 32, a base station controller 38, a mobile switching center MSC 40, and a packet data serving node (PDSN) 40 which may take the form of a remote access server that couples the radio access network 36 to a packet switched network 44. The network 44 may take the form of an Internet Protocol wide area network, and may include a wireless service provider enterprise network providing communications and data services for wireless service provider customers (subscribers), such as the user of the wireless device 10.

The network 44 will typically have a variety of network nodes for purposes of providing communications services to the wireless users (such as email storage, photo storage, call connection and forwarding). One of these services in the illustrated embodiment is vending machine authentication, a service provided by the vending machine authentication server 46. The manner in which these services are provided is described in further detail below.

FIG. 2 is a simplified block diagram showing the wireless communications device 10 of FIG. 1. The device 10 includes a contactless IC card 14, and conventional cellular telephone circuitry represented by transmit/receive circuitry 70, graphical user interface module 72 for presentation of information on the display of the device 10 and receiving user input via the screen display or manual buttons or keys, a main system processor 74, and a memory 76 storing program instructions for execution by the system processor. The system processor 74 may be any state of the art processor commonly used for wireless devices including portable computers. The program instructions will typically include applications such as telephone and email applications, as well as web browser, entertainment or game applications, and vending machine applications wherein the device 10 is used for purchasing goods or services from vending machines, such as the vending machine 12 of FIG. 1. The details of modules 70, 72, 74 and 76 are not important and known in the art.

The contactless IC card 14 is likewise known in the art (see the previously cited patent literature, for example) and therefore a detailed description will be omitted from the present discussion. The card 14 may include an antenna 50 for RF inductive coupling to the scanner/reader 16 of the vending machine, a contactless interface unit 52 for demodulation and modulation of signals on the antenna 50, a crypto-processor for encryption and decryption of messages sent over the air interface with the IC scanner/reader, and memory devices 56, 58 and 60 for storing program instructions, data and device identification information. The card 14 will also typically include its own microprocessor 62 for executing program instructions allowing it to communicate with the IC scanner/reader 16 in the vending machine. The IC card or module 14 is placed in communication with the cell phone TX/RX circuitry 70 as shown in FIG. 2 in order for the device 10 to carry out the vending machine authentication steps on behalf of the IC card 14, as explained in further detail below.

Operation

With the above overview and explanation in mind, this discussion will now turn to an explanation of a process of conducting a vending machine transaction using the vending machine 12 and wireless communications device 10 of FIG. 1. FIG. 3 is a flow chart showing a preferred process. The vending machine authentication step 104 in FIG. 3 is explained in further detail in FIG. 4.

At step 100, the user of the wireless device 10 comes into close proximity with the vending machine and launches a vending machine application on the processor 74 of FIG. 2. The vending machine application presents to the user via the device 10 display various screen displays and prompts to facilitate a transaction with the vending machine. The transaction details are not important. Assume for purposes of this example that the vending machine is dispensing goods and the user obtains price information for the goods and is ready to make a purchase. The vending machine application may use the IC card 14 to obtain product information from the vending machine and present it on the display of the device 10.

At step 102, the vending machine scanner/reader 16 performs an authentication of the IC card 14. This may involve extraction of IC card identification by the reader 16, passing it to the central control unit 18 of the vending machine where the information is formatted into authentication packets and passed over network 20 to the vending machine server 22. The details by which the vending machine 12 may authenticate the wireless device/IC card 14 are not particularly important and may take advantage of proprietary methods unique to the IC card vendors, etc. The authentication at step 102 may be performed in any known manner, and may occur at the beginning of the transaction, or at the end.

At step 104, the wireless device 10 (and more specifically the IC card 14 in this example) authenticates the vending machine 12. The purpose of the vending machine authentication is to insure that the vending machine is not a rogue machine, i.e., that its credentials as a trustworthy machine can be verified. Step 104 can be performed in a variety of ways, a preferred method of which is described in FIG. 4 and explained subsequently. The vending machine authentication preferably involves obtaining vending machine credential information over the communications interface 22 (e.g., contactless IC), as well as the wireless device 10 making use of its ability to communicate with network entities connected to the network 44 via the radio access network 36. In particular, the wireless device 10 can obtain credential information (e.g., private key signature + digital certificate) from the vending machine in response to a challenge message and provide that information (signature, challenge and certificate) to the vending machine authentication server 46 on the network 44 for authentication. The server 46 compares the credential information with information of authorized vending machines stored in a database (or performs some other authorization routine). The server 46 provides an authentication response back to the wireless device 10 based on the authentication routine it performed. This information is passed to an authentication process running on the IC card 14.

At step 106, the vending machine transaction is allowed to proceed if the authentication is positive. For example, if the authentication from the server 42 indicates that the vending machine is "OK" (i.e., trustworthy), then the IC card can provide a prompt to the vending machine application indicating that the vending machine is approved and that completion of the transaction and transfer of sensitive payment information from the wireless device 10 to the vending machine 12 may safely proceed. Conversely, if the authentication at step 104 were to come out negative, the IC card 14 may provide a prompt to the vending machine application indicating that the vending machine is not authorized or approved, in which case the user of the device 10 can abort the transaction without any transfer of payment information (e.g., credit card number, expiration date, etc.).

FIG. 4 shows a representative example of a vending machine authentication step 104 in greater detail. At step 110, the IC card 14 sends a challenge message to the scanner/reader 16. At step 112, in response to the challenge message, the scanner/reader sends a response back. The response may take a variety of forms, one of which is in the form of a digital signature signed by the private key of the scanner/reader plus the scanner/reader's digital certificate. The use of private key signatures and digital certificates is believed known in the art and therefore a detailed description is not necessary.

At step 114, the wireless device forwards the vending machine scanner/reader 16 credential information over the radio access network 36 to the network 40 for transmission to the vending machine authentication server 46. This step may involve, for example, establishing a communications path between the device 10 and the radio access network 36, generation of an outgoing message in the TX/RX circuitry of the device 10, adding the credential information (private key signature, challenge and digital certificate) to payload fields for the message, adding a destination address of the vending machine authentication server 46 to a receiving address field in the message, and sending the message using known cellular telephone transmission methods.

At step 116, the vending machine authentication server 46 validates the credential information supplied from the wireless device 10. This may involve inspection of the credential data and comparing the data with credential data for authorized vending machines in a database accessible to the vending machine authentication server 46. The IC card 14 on the wireless device 10 and the authentication server 46 may share a secret to allow secure connection between the two entities. The vending machine authentication server validates the certificate and the signature of the vending machine scanner/reader 14. The vending machine authentication server then sends a vending machine authentication response back to the wireless device (e.g., an OK or NOT OK message).

At step 118, the TX/RX circuitry on the wireless communications device receives the authentication response and passes it to the IC card 14. The IC card 14 then authenticates the vending machine scanner/reader based on the response from the server 42.

At step 120, the response message from the vending machine authentication server 42 is passed to the vending machine application for display to the user. If the user sees a VENDING MACHINE NOT APPROVED response (or the like) displayed on the display of their device, they thus are notified of the security risk and able to abort the vending processing prior to transmission of sensitive financial or credit card information. If a message such as VENDING MACHINE APPROVED (or the like) is displayed, the user of the device 10 can proceed to complete the transaction. The user may further be able to set preferences in the vending machine application whereby any time a vending machine is not authenticated, the device automatically aborts the transaction.

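
The FIG. 4 exchange (steps 110 to 118), written out as an added Python example that is not part of the patent. It assumes things the description leaves open: textbook RSA over Mersenne primes stands in for the unnamed signature algorithm, the certificate is reduced to a machine ID plus public key, the shared secret is used as an HMAC key binding the server's verdict to the challenge, and the ID "VM-0001" and the replaying reader are constructed test data.

```python
"""Constructed walk-through of the FIG. 4 exchange (steps 110 to 118)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# ASSUMPTION: the patent names no signature algorithm. Textbook RSA over two
# Mersenne primes stands in for it so only the standard library is needed;
# a deployment would use a vetted signature scheme and real certificates.
E = 65537

def make_keypair(p, q):
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def _digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, n, d):
    return pow(_digest(message, n), d, n)

def verify(message, signature, n):
    return pow(signature, E, n) == _digest(message, n)

def _tag(secret, verdict, challenge):
    # MAC under the card/server shared secret, bound to one challenge.
    return hmac.new(secret, verdict + b"|" + challenge, hashlib.sha256).digest()

@dataclass(frozen=True)
class Certificate:  # hypothetical minimal certificate: identity plus public key
    machine_id: str
    modulus: int

class Scanner:
    """Scanner/reader 16: answers a challenge with signature + certificate."""
    def __init__(self, machine_id, p, q):
        self.modulus, self._d = make_keypair(p, q)
        self.cert = Certificate(machine_id, self.modulus)

    def respond(self, challenge):  # step 112
        return sign(challenge, self.modulus, self._d), self.cert

class ReplayingScanner:
    """Constructed rogue reader: replays a response recorded for an old challenge."""
    def __init__(self, recorded):
        self._recorded = recorded

    def respond(self, challenge):
        return self._recorded

class AuthServer:
    """Authentication server 46 with its database of authorized machines."""
    def __init__(self, registry, card_secret):
        self._registry = registry    # machine_id -> registered public modulus
        self._secret = card_secret   # secret shared with the IC card

    def validate(self, challenge, signature, cert):  # step 116
        ok = (self._registry.get(cert.machine_id) == cert.modulus
              and verify(challenge, signature, cert.modulus))
        verdict = b"OK" if ok else b"NOT OK"
        return verdict, _tag(self._secret, verdict, challenge)

class ICCard:
    """IC card 14: issues the challenge and makes the final decision."""
    def __init__(self, server_secret):
        self._secret = server_secret
        self._challenge = None

    def new_challenge(self):  # step 110
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def accept(self, verdict, tag):  # step 118
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None:
            return False
        genuine = hmac.compare_digest(tag, _tag(self._secret, verdict, challenge))
        return genuine and verdict == b"OK"

def authenticate_machine(card, scanner, server):
    challenge = card.new_challenge()                            # step 110
    signature, cert = scanner.respond(challenge)                # step 112
    verdict, tag = server.validate(challenge, signature, cert)  # steps 114-116
    return card.accept(verdict, tag)                            # step 118

def demo():
    secret = secrets.token_bytes(32)
    genuine = Scanner("VM-0001", 2**127 - 1, 2**89 - 1)   # constructed identity
    impostor = Scanner("VM-0001", 2**107 - 1, 2**61 - 1)  # same name, own key
    replay = ReplayingScanner(genuine.respond(secrets.token_bytes(16)))
    server = AuthServer({"VM-0001": genuine.modulus}, secret)
    card = ICCard(secret)
    readers = {"genuine": genuine, "impostor": impostor, "replay": replay}
    return {name: authenticate_machine(card, r, server) for name, r in readers.items()}

if __name__ == "__main__":
    print(demo())
```

Only the registered reader answering the fresh challenge is accepted; a certificate whose key differs from the database entry, a replayed response, and a verdict that does not carry a valid tag for the outstanding challenge are all rejected before any payment data would be sent.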
Thus, from the foregoing, it will be appreciated that a method of conducting a transaction with a vending machine 10 has been described, including a step a) of performing an authentication of the vending machine using the contactless communications means 14, 16 of the wireless communications device and the vending machine, respectively. This step may include steps of exchanging challenge and response messages, wherein the contactless communications means in the vending machine provides a private key signature and a digital certificate. The authentication step further uses communications between the wireless communications device and a vending machine authentication server via a radio access network 36 connecting the wireless communication device and the vending machine authentication server 46. For example, the private key signature and digital certificate of the vending machine wireless communications means may be forwarded from the wireless communications device 10 over a CDMA radio access network 36 to a vending machine authentication server 46 on the wireless service provider enterprise network 44, and the server provides an authentication response (e.g., authenticated or not authenticated) back to the wireless device 10 using the radio access network 36.

The method further continues with a step b) of completing the transaction including the exchange of payment information if the authentication in step a) is successful.

In one embodiment, the first contactless communications means 14 in the wireless communications device comprises a contactless IC card incorporated into the wireless communications device and wherein the second contactless communication means 16 comprises a contactless IC card reader/scanner module.

In this embodiment, the authentication process of step a) may comprise the steps of: a) sending a challenge message from the IC card to the scanner module (110 in FIG. 4); b) the scanner responding to the challenge with a private key signature and a digital certificate (112); c) the wireless communications device forwarding the private key signature and digital certificate over the radio access network to the vending machine authentication server (114); d) the vending machine authentication server performing a validation of the private key signature and digital certificate and sending a response to the wireless communications device over the radio access network (116); and e) forwarding the response from the vending machine authentication server to the IC card, wherein the IC card authenticates the scanner based on the response (118).

In another possible embodiment, the first and second communications means comprise RFID transponders. Still other communications means may be used for communication between the wireless communication device and the vending machine, e.g., devices compliant with the 802.11, WiFi, or Bluetooth standards. Other standards, now known or later developed, may also be used, the details of this communication being not particularly important.

In another aspect, an improvement to a wireless communications device 10 is provided. The wireless device includes a contactless means 14 for communication with a vending machine 12. The improvement comprises providing in the wireless communications device a memory 76 storing a set of instructions for execution in the wireless communications device (e.g., on processor 74 or on processor 62) wherein the wireless device 10 executes an authentication process with a vending machine authentication server 46 connected to a radio access network 36 to authenticate the vending machine 12.

In still another aspect, an improvement is provided to a wireless service provider having a network 44 having one or more servers providing services for subscriber wireless devices to the wireless service provider. The improvement comprises providing a vending machine authentication server 46 in communication with the network 40, wherein the server 46 performs an authentication of vending machines 12 in response to vending machine authentication messages received from the subscriber wireless devices 10, as described above for example in FIGS. 1-4. The process described for the device 10 of FIG. 1 is preferably performed in parallel for any number of subscriber devices.

In a preferred embodiment, the vending machine authentication server 46 takes the form of a general purpose computer platform and includes a memory storing machine readable instructions for comparing a private key signature and a digital certificate from a vending machine (or vending machine IC scanner/reader or other
