The present invention generally relates to conducting secure transactions, and particularly relates to securely managing wireless device transactions involving stored-value data objects.
As portable electronic devices become more fully integrated into the everyday lives of people, these devices will be used in a broader range of transactions. For example, one might integrate payment functions into a portable communication device such as a cellular telephone. A user can then pay for selected goods or services using the phone's payment functions.
Security issues complicate using portable devices in commercial transactions. For example, if the user's device contains payment information, how is that information conveyed to a vendor system in a manner secure from unwanted eavesdropping or monitoring? In general, significant issues arise in providing end-to-end security for such transactions.
Particular challenges arise in securely delivering and retrieving information to and from a portable device. The need for such delivery and subsequent retrieval might arise in the context of delivering a stored-value data object to the device for later redemption by the user. Here, the data object might function analogous to a physical ticket. Indeed, a vendor might issue an electronic ticket or other token for delivery to the user's device for subsequent redemption. Upon redemption of the electronic ticket, the user gains access to or receives the desired goods or service.
However, the use of electronic tickets or other stored-value data objects requires significant security provisions throughout the issuing and redeeming processes. An approach to securely managing the use of stored-value data objects with portable devices requires a solution that addresses these and other security concerns. Yet, any such approach should make the use of such data objects relatively convenient and flexible from the user's perspective.