Abstract: The present disclosure provides a robust solution to an entity or an organization by enabling the entity to implement a system that provides an alternate mechanism compared to the standard near field communication (NFC). The system enables a standard public key infrastructure (PKI)-enabled smartphone to communicate secure data using a quick response (QR) mode of transmission. Further, the system enables the QR mode of transmission with a dynamic QR code to prevent replay attacks.
Description:
RESERVATION OF RIGHTS
[0001] A portion of the disclosure of this patent document contains material which is subject to intellectual property rights such as, but not limited to, copyright, design, trademark, integrated circuit (IC) layout design, and/or trade dress protection, belonging to Jio Platforms Limited (JPL) or its affiliates (hereinafter referred to as the owner). The owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights whatsoever. All rights to such intellectual property are fully reserved by the owner.
FIELD OF INVENTION
[0002] The embodiments of the present disclosure generally relate to systems and methods for facilitating short distance secure communications in telecommunication systems. More particularly, the present disclosure relates to a system and method for short distance secure communication using a quick response (QR) mode of transmission that is automatic and secure.
BACKGROUND OF THE INVENTION
[0003] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admission of the prior art.
[0004] The world of digital technology has enabled faster payment methods through smartphones. Further, near-field communication (NFC) technology is used for data exchange between smartphones and a point of sales (PoS) device. However, smartphones with NFC implementations require the addition of standard protocols that contribute significantly to the manufacturing cost of smartphones. Additionally, barcodes, also known as one-dimensional machine-readable code, are being used for identification of products in various devices. Barcodes may be scanned for asset tracking, but they add significantly to the cost of various devices. Further, barcodes can store only limited data and are also time consuming.
[0005] There is, therefore, a need in the art to provide a system and a method that can mitigate the problems associated with the prior arts.
OBJECTS OF THE INVENTION
[0006] Some of the objects of the present disclosure, which at least one embodiment herein satisfies are listed herein below.
[0007] It is an object of the present disclosure to provide a system and a method for image based secure data transmission.
[0008] It is an object of the present disclosure to provide a system and a method to transmit a quick response (QR) code securely from a sender to a receiver.
[0009] It is an object of the present disclosure to provide a system and a method to transmit QR codes with error correction code types (ECCS) that provide data recovery from damaged QR data.
[0010] It is an object of the present disclosure to provide a system and a method that utilizes a dynamic QR code for preventing replay attacks.
SUMMARY
[0011] This section is provided to introduce certain objects and aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.
[0012] In an aspect, the present disclosure relates to a system that may include one or more processors operatively coupled to a primary entity. The primary entity may be associated with one or more users and may be connected to the one or more processors. The primary entity may be coupled to a subscriber identity module (SIM) card. The one or more processors may be coupled with a memory that stores instructions to be executed by the one or more processors. The one or more processors may generate one or more data parameters based on one or more target applications requested by the one or more users. Further, the one or more processors may encrypt the generated one or more data parameters. One or more primary techniques may be used to generate the one or more encrypted data based on the one or more target applications. The one or more processors may determine a mode of communication based on the generated one or more encrypted data. The determined mode of communication may include at least a quick response (QR) based mode of communication. The one or more processors may enable communication of the one or more encrypted data from the primary entity to a secondary entity via the determined mode of communication.
[0013] In an embodiment, the QR based mode of communication may include a binary mode of encoding to enable the communication of the one or more encrypted data from the primary entity to the secondary entity.
[0014] In an embodiment, the QR based mode of communication may include at least one of an error correction code (ECC), an error correction level, and an overhead associated with the encrypted one or more data.
[0015] In an embodiment, the QR based mode of communication may include a dynamic QR code associated with the encrypted one or more data to prevent one or more replay attacks during the communication of the one or more encrypted data from the primary entity to the secondary entity.
[0016] In an embodiment, the dynamic QR code may be updated within a predefined time interval to prevent the one or more replay attacks during the communication of the one or more encrypted data from the primary entity to the secondary entity.
[0017] In an aspect, the present disclosure relates to a method for enabling communication of data between a primary entity and a secondary entity. The method may include generating, by one or more processors, one or more data parameters based on one or more target applications requested by one or more users associated with the primary entity. The primary entity may be coupled to a subscriber identity module (SIM) card. Further, the method may include encrypting, by the one or more processors, the generated one or more data parameters. One or more primary techniques may be used to generate one or more encrypted data based on the one or more target applications. The method may include determining, by the one or more processors, a mode of communication based on the one or more encrypted data. The determined mode of communication may include at least a quick response (QR) based mode of communication. Further, the method may include enabling, by the one or more processors, the communication of the one or more encrypted data from the primary entity to the secondary entity via the determined mode of communication.
[0018] In an embodiment, the QR based mode of communication may use a binary mode of encoding to enable the communication of the one or more encrypted data from the primary entity to the secondary entity.
[0019] In an embodiment, the QR based mode of communication may include at least one of an error correction code (ECC), an error correction level, and an overhead associated with the encrypted one or more data.
[0020] In an embodiment, the QR based mode of communication may use a dynamic QR code associated with the encrypted one or more data to prevent one or more replay attacks during the communication of the one or more encrypted data from the primary entity to the secondary entity.
[0021] In an embodiment, the method may include updating, by the one or more processors, the dynamic QR code within a predefined time interval to prevent the one or more replay attacks during the communication of the one or more encrypted data from the primary entity to the secondary entity.
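The replay-prevention mechanism of paragraphs [0020] and [0021], carried through as an added Go example; this is not code from the disclosure or from Jio Platforms Limited. It assumes a payload layout constructed for the example (an issue timestamp, a random nonce, the application data, and an ECDSA P-256 signature over all three, rendered as the text the QR image encodes), a software-generated key standing in for the SIM-held private key, and a receiver that keeps a short-lived table of consumed nonces. `Sender`, `Receiver`, `BuildQRPayload`, `Accept` and the `Window` parameter are names chosen here, not the disclosure's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"strings"
	"time"
)

// Constructed payload layout, assumed for this example (not taken from the disclosure):
//   body = issuedAt (8 bytes, big-endian unix seconds) || nonce (16 bytes) || appData
//   QR text = base64url(body) "." base64url(ECDSA P-256 signature over SHA-256(body))
// The key is generated in software so the example runs stand-alone; a deployment
// would keep it inside the PKI-enabled SIM, as the disclosure describes.
const nonceLen = 16

var (
	ErrMalformed    = errors.New("malformed qr payload")
	ErrBadSignature = errors.New("signature does not verify")
	ErrStale        = errors.New("payload outside the freshness window")
	ErrReplay       = errors.New("nonce already consumed: replay")
)

type Sender struct{ Key *ecdsa.PrivateKey } // primary entity; Key stands in for the SIM-held key

func NewSender() (*Sender, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Sender{Key: k}, nil
}

// BuildQRPayload mints a fresh signed payload; the sender re-renders the QR image
// from a new call every refresh interval, which is what makes the code dynamic.
func (s *Sender) BuildQRPayload(appData []byte, now time.Time) (string, error) {
	body := make([]byte, 8+nonceLen+len(appData))
	binary.BigEndian.PutUint64(body, uint64(now.Unix()))
	if _, err := rand.Read(body[8 : 8+nonceLen]); err != nil {
		return "", err
	}
	copy(body[8+nonceLen:], appData)
	digest := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, s.Key, digest[:])
	if err != nil {
		return "", err
	}
	enc := base64.RawURLEncoding
	return enc.EncodeToString(body) + "." + enc.EncodeToString(sig), nil
}

// Receiver stands in for the secondary entity. A payload is accepted only if the
// signature verifies, its timestamp lies within Window, and its nonce is unseen.
type Receiver struct {
	Pub    *ecdsa.PublicKey
	Window time.Duration
	seen   map[[nonceLen]byte]time.Time // nonce -> instant after which the timestamp check rejects it anyway
}

func NewReceiver(pub *ecdsa.PublicKey, window time.Duration) *Receiver {
	return &Receiver{Pub: pub, Window: window, seen: map[[nonceLen]byte]time.Time{}}
}

func (r *Receiver) Accept(payload string, now time.Time) ([]byte, error) {
	parts := strings.SplitN(payload, ".", 2)
	if len(parts) != 2 {
		return nil, ErrMalformed
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[0])
	sig, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || err2 != nil || len(body) < 8+nonceLen {
		return nil, ErrMalformed
	}
	digest := sha256.Sum256(body)
	if !ecdsa.VerifyASN1(r.Pub, digest[:], sig) {
		return nil, ErrBadSignature // checked first so unsigned junk never touches receiver state
	}
	issued := time.Unix(int64(binary.BigEndian.Uint64(body)), 0)
	if issued.After(now.Add(r.Window)) || now.Sub(issued) > r.Window {
		return nil, ErrStale
	}
	var nonce [nonceLen]byte
	copy(nonce[:], body[8:8+nonceLen])
	for n, staleAt := range r.seen { // forget nonces whose payloads are now stale regardless
		if staleAt.Before(now) {
			delete(r.seen, n)
		}
	}
	if _, dup := r.seen[nonce]; dup {
		return nil, ErrReplay
	}
	r.seen[nonce] = issued.Add(r.Window)
	return body[8+nonceLen:], nil
}
```

The timestamp and the nonce do different jobs: the signed timestamp bounds how long a captured image stays usable, and therefore how long the receiver must remember nonces, while the nonce rejects a second scan of an image that is still inside that window. The receiver as written is single-threaded; a scanner that handles scans concurrently would guard `seen` with a mutex.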
[0022] In an aspect, the present disclosure relates to a user equipment (UE) for generating one or more secure messages. The UE may include one or more primary processors communicatively coupled to one or more processors in a system, the one or more primary processors coupled with a memory, where the memory stores instructions which when executed by the one or more primary processors causes the UE to generate and transmit one or more data parameters based on one or more target applications requested by one or more users associated with the UE. The one or more processors may be configured to receive the one or more generated data parameters from the UE, encrypt, using one or more primary techniques, the generated one or more data parameters based on the requested one or more target applications, determine a mode of communication based on the generated one or more encrypted data, where the determined mode of communication may include at least a quick response (QR) based mode of communication, and enable communication of the one or more encrypted data from the UE to a secondary entity via the determined mode of communication.
[0023] In an embodiment, the UE may be operatively coupled to a subscriber identity module (SIM) card.
[0024] In an aspect, a subscriber identity module (SIM) card for enabling communication of data to a secondary entity may include one or more processors operatively coupled to one or more processors in a system. The one or more processors may be coupled with a memory that stores instructions which when executed by the one or more processors may cause the one or more processors to generate one or more data parameters based on one or more target applications requested by one or more users. The one or more processors may encrypt, using one or more primary techniques, the generated one or more data parameters based on the requested one or more target applications. The one or more processors may determine a mode of communication based on the generated one or more encrypted data. The determined mode of communication may include at least a quick response (QR) based mode of communication. The one or more processors may enable the communication of the one or more encrypted data from the SIM card associated with a primary entity to the secondary entity via the determined mode of communication.
BRIEF DESCRIPTION OF DRAWINGS
[0025] The accompanying drawings, which are incorporated herein and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems, in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes the disclosure of electrical components, electronic components, or circuitry commonly used to implement such components.
[0026] FIG. 1A illustrates an exemplary network architecture (100) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0027] FIG. 1B illustrates an exemplary system architecture (150) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0028] FIG. 2 illustrates an exemplary block diagram (200) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0029] FIG. 3 illustrates an exemplary representation of logical blocks (300) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0030] FIG. 4 illustrates an exemplary representation (400) of an application processor of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0031] FIG. 5 illustrates an exemplary representation (500) of a secure environment, in accordance with an embodiment of the present disclosure.
[0032] FIG. 6 illustrates an exemplary representation of an internal architecture (600) of a subscriber identity module (SIM) card operation, in accordance with an embodiment of the present disclosure.
[0033] FIG. 7 illustrates an exemplary representation (700) of secure communication over quick response (QR), in accordance with an embodiment of the present disclosure.
[0034] FIG. 8 illustrates an exemplary representation of a detailed process flow (800) including digital signature and encryption, in accordance with an embodiment of the present disclosure.
[0035] FIG. 9 illustrates an exemplary computer system (900) in which or with which a proposed system (110) may be implemented, in accordance with an embodiment of the present disclosure.
[0036] The foregoing shall be more apparent from the following more detailed description of the disclosure.
BRIEF DESCRIPTION OF THE INVENTION
[0037] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address all of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein.
[0038] The ensuing description provides exemplary embodiments only and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0039] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail to avoid obscuring the embodiments.
[0040] Also, it is noted that individual embodiments may be described as a process that is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination can correspond to a return of the function to the calling function or the main function.
[0041] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive in a manner similar to the term “comprising” as an open transition word without precluding any additional or other elements.
[0042] Reference throughout this specification to “one embodiment” or “an embodiment” or “an instance” or “one instance” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0043] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of disclosure. As used herein, the singular forms “a”, “an”, and “the” are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed items.
[0044] The various embodiments throughout the disclosure will be explained in more detail with reference to FIGs. 1-9.
[0045] FIG. 1A illustrates an exemplary network architecture (100) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0046] Referring to FIG. 1A, the system (110) may enable communication of data between a primary entity (104) and a secondary entity (108). In an embodiment, the primary entity (104) and the secondary entity (108) may also be known as user equipment (UE) that may include, but not be limited to, a mobile, a laptop, etc. Further, the primary entity (104) and/or the secondary entity (108) may include one or more in-built or externally coupled accessories including, but not limited to, a visual aid device such as a camera, audio aid, a microphone, or a keyboard. Further, the primary entity (104) and/or the secondary entity (108) may include a smartphone, virtual reality (VR) devices, augmented reality (AR) devices, a general-purpose computer, desktop, personal digital assistant, and a mainframe computer. Additionally, input devices for receiving input from a user (102-1, 102-2…102-N) such as a touch pad, touch-enabled screen, electronic pen, and the like may be used.
[0047] Referring to FIG. 1A, the primary entity (104) and the secondary entity (108) may be communicatively connected with each other through a mode of communication (106).
[0048] In an embodiment, the system (110) may generate one or more data parameters based on one or more target applications requested by the users (102-1, 102-2…102-N). A person of ordinary skill in the art will understand that the one or more users (102-1, 102-2…102-N) may be collectively referred as the users (102) and individually referred as the user (102). In an embodiment, the one or more target applications may include, but not be limited to, payment information or any other sensitive data. In an embodiment, a quick response (QR) based mode of communication may be used for communication of data from the primary entity (104) to the secondary entity (108).
[0049] Although FIG. 1A shows exemplary components of the network architecture (100), in other embodiments, the network architecture (100) may include fewer components, different components, differently arranged components, or additional functional components than depicted in FIG. 1A. Additionally, or alternatively, one or more components of the network architecture (100) may perform functions described as being performed by one or more other components of the network architecture (100).
[0050] FIG. 1B illustrates an exemplary system architecture (150) of a proposed system (110), in accordance with an embodiment of the present disclosure.
[0051] As illustrated in FIG. 1B, the system architecture (150) includes a transmitter (170) and a receiver (172). A person of ordinary skill in the art will appreciate that the transmitter (170) may be similar to the primary entity (104) of FIG. 1A in its functionality. Further, a person of ordinary skill in the art will appreciate that the receiver (172) may be similar to the secondary entity (108) of FIG. 1A in its functionality.
[0052] Referring to FIG. 1B, the transmitter (170) may include a data generation block (152) for generation of one or more data parameters. Data generation may be supervised (manually entered or attended) or unsupervised (i.e., automatically fetched or unattended). The generated data or data parameters may be encrypted at a data encryption block (154). Once the encryption of the data parameters is completed, the encrypted data parameters may go through a packetization block (156) based on a type of peripheral. Packetization may include generation of one or more data packets based on the encrypted data parameters. A data transmission block (158) may include activation of the desired output peripheral and hardware protocol level configuration for transmission of the packetized data to the receiver (172) using a data communication link (106).
[0053] In an embodiment, the data communication link (106) may include basic attributes such as, but not limited to, time (bit rate), image quality (in the case of a quick response (QR) image), and distance of communication, depending on the mode of transmission. In an embodiment, the receiver (172) may be similar to the transmitter (170), but operating in reverse. The receiver (172) may be configured to scan the data transmitted by the transmitter (170) and select an application-specific peripheral (input). A data reception block (162) may control the protocol level configuration to perform the task of receiving the data. Once the data is captured in the receiver frontend peripheral, depacketization of the data is performed at a depacketization block (164). Based on the type of communication mode and the size of the data packet(s), the depacketization block (164) may parse the desired data, leaving the protocol layer overheads.
[0054] Further, the depacketized data may be decrypted at a data decryption block (166). After decryption, the data is verified at a data verification block (168) and further processed based on one or more target applications requested by users such as the users (102) of FIG. 1A.
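The transmitter and receiver chain of FIG. 1B (generation, encryption, packetization and transmission on one side; reception, depacketization, decryption and verification on the other), carried through as an added Go example that is not code from the disclosure or from Jio Platforms Limited. It assumes a frame layout constructed for the example (mode, sequence number, frame count, payload, CRC-32 trailer), AES-256-GCM as the symmetric primitive among those the disclosure lists, a `maxPayload` byte budget standing in for whatever the chosen QR version and error correction level leave for data, and the function names `Packetize`, `Depacketize`, `NewAEAD`, `Transmit` and `Receive`, all of which are choices made here rather than the disclosure's.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"hash/crc32"
)

// Constructed frame layout, assumed for this example (not taken from the disclosure):
//   mode(1) | seq(1) | total(1) | payload | crc32(4, big-endian, over the bytes before it)
// The CRC lets the receiver drop frames the camera decoded wrongly; the AES-GCM tag verifies the data.
const ModeQR, headerLen, trailerLen = 0x01, 3, 4
var (
	ErrBadFrame   = errors.New("malformed frame")
	ErrBadCRC     = errors.New("frame crc mismatch")
	ErrIncomplete = errors.New("frame set incomplete")
	ErrBadMode    = errors.New("not the QR mode, or blob shorter than a nonce")
)

// Packetize splits data into frames of at most maxPayload bytes, the budget left by the QR version and ECC level.
func Packetize(mode byte, data []byte, maxPayload int) ([][]byte, error) {
	if maxPayload <= 0 || len(data) == 0 || len(data) > 255*maxPayload {
		return nil, ErrBadFrame
	}
	total := (len(data) + maxPayload - 1) / maxPayload
	frames := make([][]byte, 0, total)
	for i := 0; i < total; i++ {
		chunk := data[i*maxPayload:]
		if len(chunk) > maxPayload {
			chunk = chunk[:maxPayload]
		}
		f := append([]byte{mode, byte(i), byte(total)}, chunk...)
		frames = append(frames, binary.BigEndian.AppendUint32(f, crc32.ChecksumIEEE(f)))
	}
	return frames, nil
}

// Depacketize accepts frames in any order, verifies each CRC, strips the protocol
// overhead and returns the mode plus the reassembled payload.
func Depacketize(frames [][]byte) (byte, []byte, error) {
	parts := map[byte][]byte{}
	var mode, total byte
	for i, f := range frames {
		end := len(f) - trailerLen
		if end < headerLen || f[1] >= f[2] || (i > 0 && (f[0] != mode || f[2] != total)) {
			return 0, nil, ErrBadFrame
		}
		if crc32.ChecksumIEEE(f[:end]) != binary.BigEndian.Uint32(f[end:]) {
			return 0, nil, ErrBadCRC
		}
		mode, total = f[0], f[2]
		parts[f[1]] = f[headerLen:end]
	}
	var out []byte
	for i := 0; i == 0 || i < int(total); i++ { // i == 0 makes an empty frame set incomplete
		p, ok := parts[byte(i)]
		if !ok {
			return 0, nil, ErrIncomplete
		}
		out = append(out, p...)
	}
	return mode, out, nil
}

// NewAEAD builds AES-GCM from the shared key; a 32-byte key selects AES-256.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Transmit: encrypt the generated data parameters, then packetize for the QR link.
func Transmit(gcm cipher.AEAD, params []byte, maxPayload int) ([][]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return Packetize(ModeQR, gcm.Seal(nonce, nonce, params, nil), maxPayload) // nonce || ct || tag
}

// Receive: depacketize, confirm the mode, then decrypt and verify the GCM tag.
func Receive(gcm cipher.AEAD, frames [][]byte) ([]byte, error) {
	mode, blob, err := Depacketize(frames)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if mode != ModeQR || len(blob) < ns {
		return nil, ErrBadMode
	}
	return gcm.Open(nil, blob[:ns], blob[ns:], nil)
}
```

The two checks are deliberately layered. The per-frame CRC is an overhead that catches optical decode errors early, so a corrupted frame can be re-scanned instead of failing the whole transfer; it is not a security control, since anyone can recompute it. A frame whose payload was altered and whose CRC was recomputed passes `Depacketize` and is only rejected when `gcm.Open` finds the authentication tag no longer matches, which is the data verification block doing its job.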
[0055] In an exemplary embodiment, a subscriber identity module (SIM) card enabled with public key infrastructure (PKI) may be included at the transmitter (170) (for example, the primary entity (104) of FIG. 1A) and the receiver (172) (for example, the secondary entity (108) of FIG. 1A). Additionally, the PKI-enabled SIM card may have the following features.
• A suitable certifying authority (CA) infrastructure support.
• Onboard key pair generation and protection of private key inside SIM.
• Secure storage of Rivest-Shamir-Adleman (RSA) or elliptic curve cryptography (ECC) keys and digital certificates.
• Secure storage of user data.
• Signing of any user data.
• Encryption and decryption of any data with asymmetric keys and algorithms such as RSA and ECC, and/or with symmetric keys and algorithms such as, but not limited to, the advanced encryption standard (AES), the data encryption standard (DES), and the triple data encryption standard (3DES).
• Support of hashing algorithms such as, but not limited to, a secure hash algorithm (SHA) and a message-digest algorithm (MD5).
• Access protection of SIM card applet through appropriate keys and algorithm (secure communication protocol (SCP)-02, 03, 10, 11).
[0056] In an exemplary embodiment, Wi-Fi, Bluetooth, QR, audio, and the like may be used in any combination to provide communication of data between the transmitter (170) and the receiver (172). The data communication link (106) may be configured for one or more modes of communication in a specific way to provide a faster transaction cycle time and a maximum data rate. The communication range may also be configurable for the respective mode of communication.
[0057] It may be appreciated that the system architecture (150) may be modular and flexible to accommodate any kind of changes in the system architecture (150).
[0058] FIG. 2 illustrates an exemplary representation (200) of a proposed system (110), in accordance with an embodiment of the present disclosure. A person of ordinary skill in the art will understand that the system (110) of FIG. 2 may be similar to the system (110) of FIG. 1A in its functionality.
[0059] Referring to FIG. 2, the system (110) may comprise one or more processor(s) (202). The one or more processor(s) (202) may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that process data based on operational instructions. Among other capabilities, the one or more processor(s) (202) may be configured to fetch and execute computer-readable instructions stored in a memory (204) of the system (110). The memory (204) may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory (204) may comprise any non-transitory storage device including, for example, volatile memory such as random-access memory (RAM), or non-volatile memory such as erasable programmable read-only memory (EPROM), flash memory, and the like.
[0060] In an embodiment, the system (110) may include an interface(s) (206). The interface(s) (206) may comprise a variety of interfaces, for example, interfaces for data input and output devices, referred to as input/output (I/O) devices, storage devices, and the like. The interface(s) (206) may facilitate communication through the system (110). The interface(s) (206) may also provide a communication pathway for one or more components of the system (110). Examples of such components include, but are not limited to, processing engine(s) (208) and a database (210).
[0061] The processing engine(s) (208) may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s) (208). In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) (208) may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processing engine(s) (208) may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s) (208). In such examples, the system (110) may comprise the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system (110) and the processing resource. In other examples, the processing engine(s) (208) may be implemented by electronic circuitry.
[0062] In an embodiment, the one or more processor(s) (202) may be configured to generate one or more data parameters based on one or more target applications requested by users (102) of FIG. 1A. The one or more processor(s) (202) may store the generated one or more data parameters in the database (210). The one or more processors (202) may determine the mode of communication between the primary entity (104) and the secondary entity (108).
[0063] In an embodiment, the one or more processors (202) may be configured to encrypt the generated one or more data parameters using one or more symmetric keys, one or more asymmetric keys, and one or more primary techniques. The one or more primary techniques may include any or a combination of a Rivest-Shamir-Adleman (RSA) technique and an elliptic curve cryptography (ECC) technique to encrypt the generated one or more data parameters with one or more asymmetric keys. Further, the one or more processors (202) may use any or a combination of an advanced encryption standard (AES) technique, a data encryption standard (DES) technique, and a triple data encryption standard (3DES) technique to encrypt the generated one or more data parameters with one or more symmetric keys.
[0064] In an embodiment, the one or more processors (202) may be configured to use any or a combination of a secure hash algorithm (SHA) technique and a message-digest algorithm 5 (MD5) technique to encrypt the generated one or more data parameters.
[0065] FIG. 3 illustrates an exemplary representation of logical blocks (300) of the proposed system (110), in accordance with an embodiment of the present disclosure.
[0066] As shown in FIG. 3, the logical blocks in FIG. 1B of the proposed system (110) are mapped onto the physical hardware present in computing devices such as, but not limited to, smartphones. As illustrated in FIG. 3, the corresponding physical sections may be classified into three segments, an application processor (301), a secure environment (302), and a hardware peripheral (303), together with a data communication link (160). In an embodiment, the data communication link (160) may include a wireless optical link (160a), a wireless radio frequency link (160b), and a wireless acoustic link (160c) for enabling communication of data between a transmitter and a receiver (for example, the transmitter (170) and the receiver (172) of FIG. 1B).
[0067] It may be appreciated that the logical blocks (300) may be modular and flexible to accommodate any kind of changes.
[0068] FIG. 4 illustrates an exemplary representation (400) of an application processor (301) of the proposed system (110), in accordance with an embodiment of the present disclosure. A person of ordinary skill in the art will appreciate that the application processor (301) of FIG. 4 may be similar to the application processor (301) of FIG. 3 in its functionality. The application processor (301) may further include data generation, data encryption, and packetization as shown in FIG. 3.
[0069] Referring to FIG. 4, in an embodiment, the application processor (301) may contain a multi-core central processing unit (CPU) and a general purpose input/output (GPIO) feature. The application processor (301) may primarily run a smartphone operating system (OS) (402) and user-level applications (402-A, 402-B, 402-C, 402-D). It may be appreciated that the user-level applications (402-A, 402-B, 402-C, 402-D) may be independent of each other and follow their respective life cycles.
[0070] In an exemplary embodiment, the user-level applications (402-A, 402-B, 402-C, 402-D) may include, but not be limited to, a payment application or any other secure/sensitive applications. Alternatively or additionally, sensitive operations may be performed by a secure processor independent of the application processor (301).
[0071] FIG. 5 illustrates an exemplary representation of secure environment architecture (500), in accordance with an embodiment of the present disclosure. A person of ordinary skill in the art will appreciate that the secure environment (302) of FIG. 5 may be similar to the secure environment (302) of FIG. 3 in its functionality.
[0072] In an embodiment, the secure environment (302) may contain a single processor, controller or chip set, based on the independent design of an original equipment manufacturer (OEM). As illustrated, the secure environment (302) may contain a secure memory (502-A), which ensures that data can be extracted or fetched only through a specific handshaking method. The secure environment (302) may be a separate hardware unit or an integrated part of a secure processor (502-B). The secure processor (502-B) computes the various logical operations without exposing any data. Further, a hardware accelerator (502-C) may be incorporated with the secure processor (502-B) to enable high-speed computations. Furthermore, an asymmetric cryptographic operation unit (502-D) provides the complex cryptographic operations in the secure environment (302). In many configurations, the hardware accelerator (502-C) and the asymmetric cryptographic operation unit (502-D) are linked to the secure processor (502-B).
[0073] FIG. 6 illustrates an exemplary representation of an internal architecture of a SIM card (600), in accordance with an embodiment of the present disclosure.
[0074] As illustrated in FIG. 6, the SIM card (600) may contain a GlobalPlatform and over-the-air (OTA) interface (601) and a telecom applet (602). In an exemplary embodiment, the SIM card (600) may be an embedded SIM (eSIM) or a conventional removable SIM card. The telecom applet (602) is accessed using the issuer security domain (ISD) access key-1 (607). A new application, the secure applet (603), may be added to give the SIM card (600) all the functionality of the secure environment indicated as block (302) in FIG. 3 or FIG. 5. The secure applet (603) is placed in its own supplementary security domain (SSD) (606), which prevents other applets or applications from accessing it. Additionally, the SIM card (600) may be accessed safely through a GlobalPlatform host (608) or over a hypertext transfer protocol secure (HTTPS) route (609). Further, the SIM card (600) may be protected from side channel access after deployment.
[0075] In an embodiment, the secure applet (603) may provide all the features of a PKI environment, with the following attributes:
• Onboard key pair generation, with the private key never leaving the SIM.
• Secure storage of RSA or ECC keys and digital certificates.
• Secure storage of user data.
• Signing of any user data.
• Encryption of any data with asymmetric keys and algorithms (RSA, ECC) and/or symmetric keys (AES, DES, 3DES).
• Decryption of any data.
• Support for hashing algorithms such as SHA and MD5.
• Access protection of the SIM card applet via appropriate keys and secure channel protocols (SCP-02, SCP-03, SCP-10, SCP-11).
Of the algorithms listed, DES, 3DES and MD5 are retained only for interoperability with legacy counterparts; new deployments should restrict themselves to AES and the SHA-2 family.
[0076] In an exemplary implementation, the encryption and decryption techniques may use a symmetric key and/or an asymmetric key. For symmetric-key-based security, the SIM card (600) of FIG. 6 is equipped with secure storage for the generated secret keys. For asymmetric-key-based security, the SIM card (600) is equipped with a PKI-based framework, whose process flow covers key pair generation, the CA, digital certificate generation (at the CA), digital certificate storage (on the SIM card), etc.
[0077] FIG. 7 illustrates an exemplary representation of secure communication over an image (700), in accordance with an embodiment of the present disclosure.
[0078] The image-based data communication block (702) may use QR codes to transmit data in one direction at a time, from the sender to the recipient or vice versa. In an exemplary embodiment, the system (110) enables only byte-mode encoding for offline payments, since the payload is ciphertext rather than text; the QR encoding modes it accepts are listed in Table 1.

| Mode | Supported |
|---|---|
| Numeric | No |
| Alphanumeric | No |
| Byte | Yes |
| Kanji | No |

Table 1
[0079] In an exemplary embodiment, a large amount of transactional data may be divided into parts, each rendered as a separate QR image, which are sent to the recipient in sequence. Depending on the use case, scan time and data size are traded off by choosing an appropriate QR type (error correction level and version number). Further, the display intensity and display size of the sender's user equipment are the parameters that set the communication range of the QR-based mode.
[0080] The higher the version number, the more content a QR image supports; however, with a higher version number the QR generation, reading and scanning times also increase, and the denser symbol needs a larger or closer display to be read reliably. The suggested QR version for the QR image is therefore below version 20. Further, the four error correction levels, with their different error correction capabilities, provide data recovery from a damaged or distorted QR image; the higher the error correction capability, the higher the overhead and the smaller the data that fits.
[0081] Additionally, all the remaining blocks in FIG. 7 may include functionalities as described in FIG. 1B. However, the remaining blocks may not be described in detail from the point of view of brevity.
[0082] In an exemplary embodiment, error correction level "M" or above may be recommended, depending on the data size. Based on the total data size, application providers may use the higher error correction levels "Q" or "H".
[0083] In an exemplary implementation, Table 2 lists the four error correction levels, the percentage of a damaged symbol each can recover, and the size overhead of each relative to level L (ECC-L).

| ECC level | Error correction level (percentage of damage recoverable) | Overhead relative to ECC-L |
|---|---|---|
| L | 7% | 0% |
| M | 15% | 15%-30% |
| Q | 25% | 45%-80% |
| H | 30% | 100%-135% |

Table 2
[0084] In an exemplary embodiment, the system may not mandate any specific user-level data structure, which may instead be constructed for specific use cases. However, unlike other wireless communication media (Bluetooth, Wi-Fi, etc.), a QR code is image-based information that can be photographed and shown again, and hence is more exposed to a replay attack. To counter this, a dynamic QR code may be adopted, in which the QR code data is updated or refreshed within a predefined time set by the application, for example between 1 second and 1 minute or more. The higher the refresh rate, the more processing power rendering and scanning require.
[0085] With a dynamic QR code, part or all of the data is updated or changed over time and rendered as a completely new QR image. The dynamic content may be derived from a random number or from a sequential, predictable series such as the date or time. Whether the dynamic content is exposed depends on the encryption type: with asymmetric-key-based protection the dynamic content may be left exposed, because the entire payload is signed and cannot be regenerated by an outside party, so a captured image whose timestamp or counter has been altered fails signature verification, provided the receiver also rejects images whose dynamic content falls outside the refresh window.
[0086] In an exemplary implementation, QR versioning describes the versioning options of the QR code and the types supported for offline payments. Table 3 gives, for each of the 40 versions, the data capacity in bytes at each error correction level; in the original drawing the supported versions are highlighted in bold, the remainder being unsupported. The figures are the data codeword counts of the symbol, so the usable byte-mode payload is slightly smaller: the 4-bit mode indicator and the character count indicator (8 bits up to version 9, 16 bits from version 10) are taken from the same codewords, which is why, for example, a version 1 ECC-L symbol holds 17 payload bytes rather than 19.

| Version | ECC-L | ECC-M | ECC-Q | ECC-H |
|---|---|---|---|---|
| 1 | 19 | 16 | 13 | 9 |
| 2 | 34 | 28 | 22 | 16 |
| 3 | 55 | 44 | 34 | 26 |
| 4 | 80 | 64 | 48 | 36 |
| 5 | 108 | 86 | 62 | 46 |
| 6 | 136 | 108 | 76 | 60 |
| 7 | 156 | 124 | 88 | 66 |
| 8 | 194 | 154 | 110 | 86 |
| 9 | 232 | 182 | 132 | 100 |
| 10 | 274 | 216 | 154 | 122 |
| 11 | 324 | 254 | 180 | 140 |
| 12 | 370 | 290 | 206 | 158 |
| 13 | 428 | 334 | 244 | 180 |
| 14 | 461 | 365 | 261 | 197 |
| 15 | 523 | 415 | 295 | 223 |
| 16 | 589 | 453 | 325 | 253 |
| 17 | 647 | 507 | 367 | 283 |
| 18 | 721 | 563 | 397 | 313 |
| 19 | 795 | 627 | 445 | 341 |
| 20 | 861 | 669 | 485 | 385 |
| 21 | 932 | 714 | 512 | 406 |
| 22 | 1006 | 782 | 568 | 442 |
| 23 | 1094 | 860 | 614 | 464 |
| 24 | 1174 | 914 | 664 | 514 |
| 25 | 1276 | 1000 | 718 | 538 |
| 26 | 1370 | 1062 | 754 | 596 |
| 27 | 1468 | 1128 | 808 | 628 |
| 28 | 1531 | 1193 | 871 | 661 |
| 29 | 1631 | 1267 | 911 | 701 |
| 30 | 1735 | 1373 | 985 | 745 |
| 31 | 1843 | 1455 | 1033 | 793 |
| 32 | 1955 | 1541 | 1115 | 845 |
| 33 | 2071 | 1631 | 1171 | 901 |
| 34 | 2191 | 1725 | 1231 | 961 |
| 35 | 2306 | 1812 | 1286 | 986 |
| 36 | 2434 | 1914 | 1354 | 1054 |
| 37 | 2566 | 1992 | 1426 | 1096 |
| 38 | 2702 | 2102 | 1502 | 1142 |
| 39 | 2812 | 2216 | 1582 | 1222 |
| 40 | 2956 | 2334 | 1666 | 1276 |

Table 3: Input data size (bytes) per QR version and error correction level
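As an added worked example, and not code from the disclosure, the following Go program turns the Table 3 figures into the byte-mode capacity of each version, selects the smallest version that holds a payload, and implements the multi-image split of [0079] together with its reverse at the receiver. The two-byte frame header (index, frame count), the 255-frame limit and all function names are assumptions of this example; the Table 3 values are embedded as constructed data copied from the table above.

```go
package main

import (
	"errors"
	"fmt"
)

// ECC is a QR error correction level, in the column order of Table 2 and Table 3.
type ECC int

const (
	ECCL ECC = iota
	ECCM
	ECCQ
	ECCH
)

// dataCodewords[v-1] is the Table 3 row for version v (L, M, Q, H), copied from the table.
var dataCodewords = [40][4]int{
	{19, 16, 13, 9}, {34, 28, 22, 16}, {55, 44, 34, 26}, {80, 64, 48, 36}, {108, 86, 62, 46},
	{136, 108, 76, 60}, {156, 124, 88, 66}, {194, 154, 110, 86}, {232, 182, 132, 100}, {274, 216, 154, 122},
	{324, 254, 180, 140}, {370, 290, 206, 158}, {428, 334, 244, 180}, {461, 365, 261, 197}, {523, 415, 295, 223},
	{589, 453, 325, 253}, {647, 507, 367, 283}, {721, 563, 397, 313}, {795, 627, 445, 341}, {861, 669, 485, 385},
	{932, 714, 512, 406}, {1006, 782, 568, 442}, {1094, 860, 614, 464}, {1174, 914, 664, 514}, {1276, 1000, 718, 538},
	{1370, 1062, 754, 596}, {1468, 1128, 808, 628}, {1531, 1193, 871, 661}, {1631, 1267, 911, 701}, {1735, 1373, 985, 745},
	{1843, 1455, 1033, 793}, {1955, 1541, 1115, 845}, {2071, 1631, 1171, 901}, {2191, 1725, 1231, 961}, {2306, 1812, 1286, 986},
	{2434, 1914, 1354, 1054}, {2566, 1992, 1426, 1096}, {2702, 2102, 1502, 1142}, {2812, 2216, 1582, 1222}, {2956, 2334, 1666, 1276},
}

// ByteModeCapacity is the payload a byte-mode symbol really carries: the 4-bit mode
// indicator and the character count (8 bits up to version 9, 16 from version 10) use codewords too.
func ByteModeCapacity(version int, ecc ECC) int {
	if version < 1 || version > 40 {
		return 0
	}
	countBits := 8
	if version >= 10 {
		countBits = 16
	}
	return (dataCodewords[version-1][ecc]*8 - 4 - countBits) / 8
}

// SelectVersion picks the smallest version not above maxVersion that holds n bytes,
// keeping the symbol as small, and as quick to scan, as possible.
func SelectVersion(n int, ecc ECC, maxVersion int) (int, error) {
	for v := 1; v <= maxVersion && v <= 40; v++ {
		if ByteModeCapacity(v, ecc) >= n {
			return v, nil
		}
	}
	return 0, fmt.Errorf("%d bytes exceed one symbol up to version %d", n, maxVersion)
}

// Assumed frame header: byte 0 is the frame index, byte 1 the total frame count.
const headerLen = 2

// SplitFrames is the packetization step: one symbol when the payload fits, otherwise
// maxVersion-sized frames that the receiver reassembles in order.
func SplitFrames(payload []byte, ecc ECC, maxVersion int) ([][]byte, int, error) {
	if v, err := SelectVersion(len(payload)+headerLen, ecc, maxVersion); err == nil {
		return [][]byte{append([]byte{0, 1}, payload...)}, v, nil
	}
	chunk := ByteModeCapacity(maxVersion, ecc) - headerLen
	if chunk <= 0 {
		return nil, 0, errors.New("symbol too small for a frame header")
	}
	total := (len(payload) + chunk - 1) / chunk
	if total > 255 {
		return nil, 0, errors.New("payload needs more than 255 frames")
	}
	frames := make([][]byte, 0, total)
	for i := 0; i < total; i++ {
		end := (i + 1) * chunk
		if end > len(payload) {
			end = len(payload)
		}
		frames = append(frames, append([]byte{byte(i), byte(total)}, payload[i*chunk:end]...))
	}
	return frames, maxVersion, nil
}

// Reassemble is the depacketization step; it refuses an incomplete, duplicated or
// out-of-order set of frames instead of guessing.
func Reassemble(frames [][]byte) ([]byte, error) {
	if len(frames) == 0 || len(frames[0]) < headerLen || int(frames[0][1]) != len(frames) {
		return nil, fmt.Errorf("have %d frames, not a complete set", len(frames))
	}
	var out []byte
	for i, f := range frames {
		if len(f) < headerLen || int(f[0]) != i || int(f[1]) != len(frames) {
			return nil, fmt.Errorf("frame %d: bad header", i)
		}
		out = append(out, f[headerLen:]...)
	}
	return out, nil
}

func main() {
	payload := make([]byte, 500) // constructed stand-in for a signed, encrypted transaction
	frames, v, err := SplitFrames(payload, ECCM, 10)
	fmt.Println(len(frames), "frames at version", v, "err:", err)
}
```

With the recommended cap of version 19 and level M, a single image carries at most 624 payload bytes, so a 500-byte record fits in one symbol; forcing a lower cap, as main does with version 10, shows the multi-image path.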
[0087] FIG. 8 illustrates an exemplary representation of a detailed process flow including digital signature and encryption (800), in accordance with an embodiment of the present disclosure.
[0088] As illustrated, the SIM card performs all the operations of a secure module. The SIM card consists of a secure memory and a secure processor, and with suitable partitioning the applications inside the SIM card can work independently without interfering with each other. In an exemplary implementation, two smartphones, block (104) and block (108), are the participating devices in a secure transaction. Each communicates with its PKI-enabled SIM card, indicated as block (1206) and block (1218) respectively. The devices contain identical functional logical sub-blocks whose working differs by use case. All PKI-enabled SIM cards interact with the remote certificate authority (CA) indicated as block (1222).
[0089] In an exemplary implementation, both devices (104) and (108) (sender and receiver) may contain components for transmission and reception.
[0090] The sender side (104) process flow may include the following:
[0091] The transaction is initiated from the sender device indicated at block (104). An authorized application prepares the data (block (1202A)) to be sent securely to the other device (block (108)). The plain text data in block (1202A) that needs protection is sent to the PKI-enabled SIM card (1206) over the existing wired bus. The communication channels (1204A) and (1204B) may optionally be protected by a suitable Secure Channel Protocol (SCP) from the GlobalPlatform specifications, such as SCP-01, SCP-02 or SCP-03. These standards also provide authorization of the specific or selected application(s) residing on the user's smartphone.
[0092] The SIM card (1206) of the sender device (104) may have a secure memory (1206A) and a secure processor (1206B). The secure memory (1206A) may contain pertinent sensitive data such as a sender’s private key (1206A-1) and a digital certificate (1206A-2). The private key may be generated at the very beginning of PKI initialization or the “key pair generation” process. The digital certificate may be obtained by interaction with remote CA as indicated in block (1222) during PKI initialization too.
[0093] The plain text data (1202A) is taken into the secure process block (1206B-1) of the SIM card's secure processor (1206B). The encryption is authorized by the user entering a personal identification number (PIN) (1214A), and the data is encrypted with the recipient's public key.
[0094] The recipient's public key is extracted from the recipient's digital certificate (RDC). The RDC is made available to the sender's device by one of two mechanisms: a) directly from the recipient's device (desired and preferable) in the case of pure offline operation (no internet or back-end connectivity), and b) from the CA server (1222), by requesting it with the recipient's identity such as a mobile number. When the other party's digital certificate is obtained through the offline mechanism, the data route shall be a secure channel (such as (1204A), (1204B)) with the host mobile, the data packetization block (1208-A), and the peripheral block (1210-A).
[0095] The encryption performed in block (1206B-1) is asymmetric, such as RSA or ECC, or hybrid, i.e. a combination of symmetric algorithms (AES, DES, 3DES, etc.) and asymmetric algorithms (RSA, ECC, etc.). The output of block (1206B-1) is the secured data, which is transferred to the data signing block (1206B-2).
[0096] The encrypted data is digitally signed with the sender's private key (1206A-1) in the data signing block (1206B-2). The signature establishes the origin of the transaction and also requires the user's authorization by PIN (1214A). For the dynamic QR mechanism of [0084] to hold, the signed bytes must also cover the refreshed content (timestamp, counter or nonce), so that a captured image cannot be re-stamped with fresh values.
[0097] Once the data is encrypted (1206B-1) and signed (1206B-2) in the SIM card's secure processor (1206B), it is returned to the sender's phone (104) for the further step of data packetization in block (1208A).
[0098] In the data packetization block (1208A), the encrypted data is prepared as per the modality of communication, which is a QR based transmission as per this disclosure.
[0099] In this context, it is necessary to mention that the same data packetization block (1208A) is also used for any auxiliary communication between the sender and the receiver to obtain the recipient’s RDC. For simplicity, it has not been indicated in the diagram.
[00100] Once the packetization is completed in block (1208A), the data is transferred to block (1210A) to select the suitable mode of communication.
[00101] Block (1210A) is a generic representation of the communication modalities, which can be one or more wireless or optical peripheral types such as Wi-Fi, Bluetooth, QR, audio, etc. In the present disclosure the mode of communication is QR; for example, the sensitive data (1204-B) may be carried over QR. The selection and combination of communication modalities are user and use-case specific, and the specific use-case scenarios may be consulted to relate the multiple modalities. Finally, the secured data is transferred via link block (1222) from the sender device block (104) to the recipient's device block (108).
[00102] In an exemplary embodiment, the recipient’s side process flow may be given as follows:
[00103] The encrypted and signed data (1204-B) is transferred via link block (1222) from the sender’s device block (104) to the specific block (1210B) of the recipient block (108).
[00104] In a similar fashion to the sender’s block (1210A), (1210B) is also a generic representation of communication modalities at the recipient’s end and can be one or multiple wireless/optical peripheral types to receive data from single or multiple peripherals.
[00105] The data received at block (1210B) may be fragmented or available in parts, according to the properties of the communication medium. The packets are sent to the depacketization block (1208B), which reverses the operation of the sender's packetization block (1208A).
[00106] Once depacketization is done, the entire data is available at the recipient's side in encrypted form. The data is sent to the recipient's PKI-enabled SIM (1218) over the wired link (1204C) between the device (108) and the SIM card's secure processing unit (1218B).
[00107] The communication channels (1204-C) and (1204-D) on the recipient’s side may be optionally protected by suitable SCP given by a global specification such as SCP-01/02/03 etc. The security standards may also give “authorization” capabilities to the specific or selected application(s) residing in a host smartphone by sharing suitable symmetric keys for communication layer security.
[00108] In an exemplary implementation, the recipient (108) may also contain the PKI-enabled SIM card (1218) with a secure memory (1218A) and a secure processor (1218B). The secure memory (1218A) may mandatorily contain sensitive data such as a recipient’s private key (1218A-1) and a digital certificate (1218A-2). The private key may be generated at the very beginning of PKI initialization or the “key pair generation” process. The digital certificate (1218A-2) may be obtained by interaction with a remote CA as indicated in block (1222) during the PKI initialization process.
[00109] Within the recipient's SIM card (1218), the received encrypted data is first sent to block (1218B-1) for verification of the sender's digital signature against the sender's digital certificate, to authenticate the origin of the transaction and to record it.
[00110] In an exemplary implementation, the sender's public key is extracted from the sender's digital certificate (SDC). The SDC is made available to the recipient's device by one of two mechanisms:
[00111] a) directly from the sender's device, in the case of pure offline operation (no internet or back-end connectivity), and
[00112] b) from the CA server (1222), by requesting it with the sender's identity such as a mobile number.
[00113] In the case where the digital certificate is obtained through the offline mechanism, the data route shall be a secure channel (such as (1204-C), (1204-D)) with the host mobile, the data de-packetization block (1208-B), and the peripheral block (1210-B). A certificate obtained offline should itself be checked, its chain to the CA, its validity period and, where a revocation source is reachable, its revocation status, before the public key it carries is trusted.
[00114] Further, once the digital signature is verified, the encrypted data is sent to the decryption block (1218B-2). Data originally encrypted with the recipient's public key at the sender's SIM is decrypted using the recipient's private key (1218A-1); this requires the user's authorization by PIN (1214B), and the decryption is RSA, ECC or hybrid, matching the encryption performed at the sender's block (1206B-1).
[00115] Furthermore, the output of the decryption process may regenerate the plain text data which was originally present at the sender’s side at block (1202A) and may now be available in the recipient’s device block (1202-B).
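The sender and recipient flows of [0091] to [00115], together with the dynamic QR refresh of [0084] and [0085], are illustrated by the following Go program, which is an added example and not code from the disclosure. It uses RSA-OAEP to the recipient's public key and ECDSA P-256 for the sender's signature, both from the Go standard library, a constructed frame layout of timestamp, nonce, ciphertext and signature, and an in-memory nonce cache checked against the refresh window; the SIM, certificate handling, PIN authorization and QR rendering are left out, and all function and error names are this example's own. It needs Go 1.19 or later.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

var ErrBadSignature = errors.New("signature does not verify under the sender's certificate key")
var ErrStale = errors.New("timestamp outside the freshness window")
var ErrReplay = errors.New("nonce already accepted: replayed QR frame")

// Frame is one dynamic QR image (assumed layout). Timestamp and Nonce are the dynamic
// content of [0085]; the signature covers them, so a captured image cannot be re-stamped.
type Frame struct {
	Timestamp int64  // unix milliseconds at render time
	Nonce     []byte // 16 random bytes, fresh for every rendering
	Cipher    []byte // RSA-OAEP(SHA-256) ciphertext under the recipient's public key
	Sig       []byte // ASN.1 ECDSA P-256/SHA-256 signature over the three fields above
}

func (f *Frame) signedBytes() []byte {
	b := binary.BigEndian.AppendUint64(nil, uint64(f.Timestamp))
	return append(append(b, f.Nonce...), f.Cipher...)
}

// GenerateKeys stands in for PKI initialisation on the SIM (certificate issuance omitted).
func GenerateKeys() (*ecdsa.PrivateKey, *rsa.PrivateKey, error) {
	sign, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	enc, err := rsa.GenerateKey(rand.Reader, 2048)
	return sign, enc, err
}

// Seal is the sender-side SIM flow of FIG. 8: encrypt to the recipient's public key, then sign
// ciphertext plus dynamic fields. RSA-OAEP with a 2048-bit key holds at most 190 bytes of plain.
func Seal(plain []byte, rcptPub *rsa.PublicKey, senderPriv *ecdsa.PrivateKey, now time.Time) (*Frame, error) {
	cipher, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rcptPub, plain, nil)
	if err != nil {
		return nil, err
	}
	f := &Frame{Timestamp: now.UnixMilli(), Nonce: make([]byte, 16), Cipher: cipher}
	if _, err := rand.Read(f.Nonce); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(f.signedBytes())
	f.Sig, err = ecdsa.SignASN1(rand.Reader, senderPriv, digest[:])
	return f, err
}

// Receiver holds the recipient's private key, the refresh window of [0084] and accepted nonces.
type Receiver struct {
	priv   *rsa.PrivateKey
	window time.Duration
	seen   map[string]int64
}

func NewReceiver(priv *rsa.PrivateKey, window time.Duration) *Receiver {
	return &Receiver{priv: priv, window: window, seen: map[string]int64{}}
}

// Open checks signature, then freshness, then replay, and decrypts only after all three pass.
func (r *Receiver) Open(f *Frame, senderPub *ecdsa.PublicKey, now time.Time) ([]byte, error) {
	digest := sha256.Sum256(f.signedBytes())
	if !ecdsa.VerifyASN1(senderPub, digest[:], f.Sig) {
		return nil, ErrBadSignature
	}
	if age := now.Sub(time.UnixMilli(f.Timestamp)); age > r.window || age < -r.window {
		return nil, ErrStale
	}
	if _, dup := r.seen[string(f.Nonce)]; dup {
		return nil, ErrReplay
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, r.priv, f.Cipher, nil)
	if err != nil {
		return nil, err
	}
	// Remember the nonce only once the frame is fully accepted; a production receiver
	// would also evict entries older than the window to keep this map bounded.
	r.seen[string(f.Nonce)] = f.Timestamp
	return plain, nil
}

func main() {
	senderPriv, rcptPriv, _ := GenerateKeys()
	rx := NewReceiver(rcptPriv, 30*time.Second)
	f, _ := Seal([]byte("constructed payment record"), &rcptPriv.PublicKey, senderPriv, time.Now())
	p, err := rx.Open(f, &senderPriv.PublicKey, time.Now())
	fmt.Printf("first scan: %q err=%v\n", p, err)
	_, err = rx.Open(f, &senderPriv.PublicKey, time.Now())
	fmt.Println("same image scanned again:", err)
}
```

The order of checks matters: the signature is verified before the timestamp is trusted, so an attacker who edits the timestamp of a photographed image gets a signature failure rather than a fresh-looking frame, and the nonce is recorded only after decryption succeeds, so a frame that fails earlier cannot poison the cache. Records longer than the RSA-OAEP limit use the hybrid variant the disclosure also permits: a random symmetric key encrypts the data and only that key is wrapped with the recipient's public key.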
[00116] FIG. 9 illustrates an exemplary computer system (900) in which or with which the proposed system (110) may be implemented, in accordance with an embodiment of the present disclosure.
[00117] In an embodiment, the primary entity (104), the secondary entity (108), and/or the system (110) may be implemented as the computer system (900).
[00118] As shown in FIG. 9, the computer system (900) may include an external storage device (910), a bus (920), a main memory (930), a read-only memory (940), a mass storage device (950), a communication port(s) (960), and a processor (970). A person skilled in the art will appreciate that the computer system (900) may include more than one processor and communication ports. The communication port (960) may be chosen depending on a network, such as a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system (900) connects. The main memory (930) may be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. The read-only memory (940) may be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chip for storing static information e.g., start-up or basic input/output system (BIOS) instructions for the processor (970). The mass storage device (950) may be any current or future mass storage solution, which can be used to store information and/or instructions.
[00119] The bus (920) may communicatively couple the processor(s) (970) with the other memory, storage, and communication blocks. Optionally, operator and administrative interfaces, e.g., a display, keyboard, and cursor control device may also be coupled to the bus (920) to support direct operator interaction with the computer system (900). Other operator and administrative interfaces can be provided through network connections connected through the communication port (960). In no way should the aforementioned exemplary computer system (900) limit the scope of the present disclosure.
[00120] While considerable emphasis has been placed herein on the preferred embodiments, it will be appreciated that many embodiments can be made and that many changes can be made in the preferred embodiments without departing from the principles of the disclosure. These and other changes in the preferred embodiments of the disclosure will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be implemented merely as illustrative of the disclosure and not as a limitation.
ADVANTAGES OF THE INVENTION
[00121] The present disclosure provides a system and a method for image based secure data transmission.
[00122] The present disclosure provides a system and a method to transmit a quick response code (QR) securely from a sender to a receiver.
[00123] The present disclosure provides a system and a method to transmit QR codes with error correction code (ECC) levels that provide data recovery from damaged QR data.
[00124] The present disclosure provides a system and a method that utilizes a dynamic QR code for preventing replay attacks.
Claims:
1. A system (110) for enabling communication of data between a primary entity (104) and a secondary entity (108), the system (110) comprising:
one or more processors (202) operatively coupled with the primary entity (104) and a memory (204), wherein said memory (204) stores instructions which when executed by the one or more processors (202) cause the one or more processors (202) to:
generate one or more data parameters based on one or more target applications requested by one or more users (102) associated with the primary entity (104), wherein the primary entity (104) is operably coupled to a subscriber identity module (SIM) card;
encrypt, using one or more primary techniques, the generated one or more data parameters based on the requested one or more target applications;
determine a mode of communication (106) based on the generated one or more encrypted data, wherein the determined mode of communication (106) comprises at least a quick response (QR) based mode of communication; and
enable the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108) via the determined mode of communication (106).
2. The system (110) as claimed in claim 1, wherein the QR based mode of communication uses a binary mode of encoding to enable the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108).
3. The system (110) as claimed in claim 1, wherein the QR based mode of communication comprises at least one of an error correction code (ECC), an error correction level, and an overhead associated with the encrypted one or more data.
4. The system (110) as claimed in claim 1, wherein the QR based mode of communication uses a dynamic QR code associated with the encrypted one or more data to prevent one or more replay attacks during the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108).
5. The system (110) as claimed in claim 4, wherein the dynamic QR code is updated within a predefined time interval to prevent the one or more replay attacks during the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108).
6. A method for enabling communication of data between a primary entity (104) and a secondary entity (108), the method comprising:
generating, by one or more processors (202), one or more data parameters based on one or more target applications requested by one or more users (102) associated with the primary entity (104);
encrypting, by the one or more processors (202), the generated one or more data parameters using one or more primary techniques based on the one or more target applications, wherein the primary entity (104) is operably coupled to a subscriber identity module (SIM) card;
determining, by the one or more processors (202), a mode of communication (106) based on the one or more encrypted data, wherein the determined mode of communication (106) comprises at least a quick response (QR) based mode of communication; and
enabling, by the one or more processors (202), the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108) via the determined mode of communication (106).
7. The method as claimed in claim 6, wherein the QR based mode of communication uses a binary mode of encoding to enable the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108).
8. The method as claimed in claim 6, wherein the QR based mode of communication comprises at least one of an error correction code (ECC), an error correction level, and an overhead associated with the encrypted one or more data.
9. The method as claimed in claim 6, wherein the QR based mode of communication uses a dynamic QR code associated with the encrypted one or more data to prevent one or more replay attacks during the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108).
10. The method as claimed in claim 9, comprising updating, by the one or more processors (202), the dynamic QR code within a predefined time interval to prevent the one or more replay attacks during the communication of the one or more encrypted data from the primary entity (104) to the secondary entity (108).
11. A user equipment (UE) (104) for generating one or more secure messages, said UE (104) comprising:
one or more primary processors communicatively coupled to one or more processors (202) in a system (110), the one or more primary processors coupled with a memory, wherein said memory stores instructions which when executed by the one or more primary processors causes the UE (104) to:
generate and transmit one or more data parameters based on one or more target applications requested by one or more users associated with the UE (104),
wherein the one or more processors (202) are configured to:
receive the one or more generated data parameters from the UE (104);
encrypt, using one or more primary techniques, the generated one or more data parameters based on the requested one or more target applications;
determine a mode of communication (106) based on the generated one or more encrypted data, wherein the determined mode of communication (106) comprises at least a quick response (QR) based mode of communication; and
enable communication of the one or more encrypted data from the UE (104) to a secondary entity (108) via the determined mode of communication (106).
12. The UE (104) as claimed in claim 11, wherein the UE (104) is operatively coupled to a subscriber identity module (SIM) card.
13. A subscriber identity module (SIM) card for enabling communication of data to a secondary entity (108), the SIM card comprising:
one or more processors operatively coupled to one or more processors (202) in a system (110), wherein the one or more processors are coupled with a memory, wherein said memory (204) stores instructions which when executed by the one or more processors causes the one or more processors to:
generate one or more data parameters based on one or more target applications requested by one or more users (102);
encrypt, using one or more primary techniques, the generated one or more data parameters based on the requested one or more target applications;
determine a mode of communication (106) based on the generated one or more encrypted data, wherein the determined mode of communication (106) comprises at least a quick response (QR) based mode of communication; and
enable the communication of the one or more encrypted data from the SIM card associated with a primary entity (104) to the secondary entity (108) via the determined mode of communication (106).
| # | Name | Date |
|---|---|---|
| 1 | 202322005551-STATEMENT OF UNDERTAKING (FORM 3) [27-01-2023(online)].pdf | 2023-01-27 |
| 2 | 202322005551-REQUEST FOR EXAMINATION (FORM-18) [27-01-2023(online)].pdf | 2023-01-27 |
| 3 | 202322005551-POWER OF AUTHORITY [27-01-2023(online)].pdf | 2023-01-27 |
| 4 | 202322005551-FORM 18 [27-01-2023(online)].pdf | 2023-01-27 |
| 5 | 202322005551-FORM 1 [27-01-2023(online)].pdf | 2023-01-27 |
| 6 | 202322005551-DRAWINGS [27-01-2023(online)].pdf | 2023-01-27 |
| 7 | 202322005551-DECLARATION OF INVENTORSHIP (FORM 5) [27-01-2023(online)].pdf | 2023-01-27 |
| 8 | 202322005551-COMPLETE SPECIFICATION [27-01-2023(online)].pdf | 2023-01-27 |
| 9 | 202322005551-FORM-8 [30-01-2023(online)].pdf | 2023-01-30 |
| 10 | 202322005551-ENDORSEMENT BY INVENTORS [24-02-2023(online)].pdf | 2023-02-24 |
| 11 | Abstract1.jpg | 2023-03-17 |