GB2366432A - Secure electronic payment system - Google Patents

Secure electronic payment system Download PDF

Info

Publication number
GB2366432A
GB2366432A GB0021671A GB0021671A GB2366432A GB 2366432 A GB2366432 A GB 2366432A GB 0021671 A GB0021671 A GB 0021671A GB 0021671 A GB0021671 A GB 0021671A GB 2366432 A GB2366432 A GB 2366432A
Authority
GB
United Kingdom
Prior art keywords
payment
identification number
telecommunication network
wireless communication
communication device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB0021671A
Other versions
GB0021671D0 (en
Inventor
Gavin James Dean Mcardell
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sonera Smarttrust Oy
Original Assignee
Sonera Smarttrust Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sonera Smarttrust Oy filed Critical Sonera Smarttrust Oy
Priority to GB0021671A priority Critical patent/GB2366432A/en
Publication of GB0021671D0 publication Critical patent/GB0021671D0/en
Priority to FI20002734A priority patent/FI20002734A/en
Priority to AU2001284074A priority patent/AU2001284074A1/en
Priority to EP01963021A priority patent/EP1348185A1/en
Priority to PCT/FI2001/000759 priority patent/WO2002021354A1/en
Priority to AU2001284077A priority patent/AU2001284077A1/en
Priority to PCT/FI2001/000763 priority patent/WO2002021767A1/en
Publication of GB2366432A publication Critical patent/GB2366432A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/14Payment architectures specially adapted for billing systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/26Debit schemes, e.g. "pay now"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/342Cards defining paid or billed services or quantities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/02Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices
    • G07F7/025Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices by means, e.g. cards, providing billing information at the time of purchase, e.g. identification of seller or purchaser, quantity of goods delivered or to be delivered
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system

Abstract

In a system for obtaining and using a payment identification number in a secure way with a wireless communication device (MS), a request for the payment identification number is sent from the wireless communication device (MS) the request being digitally signed and/or encrypted; in response to the request the payment identification number is sent to the wireless communication device (MS) from a payment system (BANK) in a digitally signed and/or encrypted message; the payment identification number is transferred to a payment terminal (PT); validity of the transferred payment identification number is verified; the account linked to the payment identification number is charged if the payment identification number is valid.

Description

<Desc/Clms Page number 1> VIRTUAL PAYMENT CARD FIELD OF THE INVENTION -The present invention relates to telecommunication systems. In particular, the invention concerns a method and a system for obtaining and using a payment identification number in a secure way with a wireless communication device.
BACKGROUND OF THE INVENTION Online commerce systems are rapidly increasing a11 over the world. In an online commerce system merchants are developing sites on the World Wide Web (WWW). Because the World Wide Web can be accessed practically anywhere in the world the online commerce systems can have customers from different countries.
The methodology in online commerce shopping can be simplified in three stages: selecting a product, placing on order and paying for the product. Typically, the product or service ordered over the Internet is paid with a credit card. When the customer has filled the order containing a11 relevant information (e.g. product information, name, address, account number and an expiration date) the order is returned to the merchant. The merchant verifies that the credit card number is valid and that it can be charged the payment caused by the ordered product or service. The verification is usually conducted on a special bank payment network. The verification can be conducted automatically or by phoning to a certain number.
A credit card (e.g. a Visa card) can be used all over the world in places which accept it as a payment instrument. When the payment is made in a conventional shop it is easier to be sure about the identity of the customer. A serious problem arises when the shopping is conducted on the Internet. The credit card data travels over the Internet to the merchant, at its
<Desc/Clms Page number 2>
worst, without any protection (encryption). The credit card information can be intercepted and thus used to make purchases.
US patent 5,883,810 discloses an online commerce system that facilitates online commerce over a public network using an online commerce card. In the publication an issued card is assigned a permanent customer account number that is maintained behalf of the customer at the issuing institution. A customer is assigned a transaction number submitted to a merchant as a proxy for the customer account number. When the merchant submits a request for authorisation, the issuing institution recognises the number as a transaction number for an online credit card. Every transaction number can be used only once. According to the patent, a customer never submits his "real" credit card number to the merchant but a credit card number like number which identifies the customer to the issuing institution.
The problem, however, is that the above described system can be used only when buying products or services online. Further, when using the system and method disclosed in the US patent 5,883,810 a special software code has to be downloaded into a computer. This means that whenever a customer wants to make secure shopping online, the computer used has to include said special software code. This in turn reduces the amount of computers or other terminals through which a secure order can be made.
OBJECT OF THE INVENTION The object of the present invention is to eliminate the drawbacks referred to above or at least to significantly alleviate them. A specific object of the invention is to disclose a new type of method and system in which a wireless communication device can be
<Desc/Clms Page number 3>
used to obtain a payment identification number which, e.g. can be used just like a credit card number.
BRIEF DESCRIPTION OF THE INVENTION The present invention concerns a method and system for obtaining a payment identification number in a secure way with a wireless communication device. The payment identification number can then be inserted into a www-page or used in a conventional way when buying products or services. If the payment identification refers to a credit card number it is not necessary to show the actual credit card at all.
In the method the payment identification number is transferred to a payment terminal. The payment terminal may comprise a www-browser which can be used to buy products or services over the Internet. The validity of the transferred payment identification number is verified, e.g. using VisaNet network or the Veriphone network. The account linked to the payment identification number is charged if the payment identification number is valid. The payment identification number is just like a normal credit card number. It has the same format and number of digits as a regular credit card. when a merchant wants to authorise the payment identification number it is done in the same way as traditional credit card authorisation. Alternatively, the payment identification number may be in the form of a bank account number or some other appropriate form.
In the method of the invention, before above mentioned steps a request for the payment identification number is sent from the wireless communication device the request being digitally signed and/or en- crypted. Said request sent from the wireless communication device comprises, e.g. a user identification data, an account number and/or account limit information. The wireless communication device is, e.g. a mobile tele-
<Desc/Clms Page number 4>
phone or a PDA (PDA, Personal Digital Assistant). In response to the request the payment identification number is sent to the wireless communication device from a payment system in a digitally signed and/or en- crypted message. The message can also contain information about the available credit limit and/or validity period.
The payment identification number and other sensible information travels between the wireless communication and the payment system digitally signed and/or encrypted. In an embodiment of the invention, public key cryptography is used. In the public key method, the message is encrypted using the recipient's public encryption key. Digital signature is achieved with the sender's private signing key and some appropriate public key algorithm.
In an embodiment of the invention, the payment identification number can be used only once. It can also be defined that the payment identification number is valid until a predefined credit limit is exceeded. In an embodiment of the invention, the use of the payment identification number is tied to a certain merchant identity.
In an embodiment of the invention, an additional security code is required from the wireless communication device before the account is charged. The above mentioned procedure provides security because the payment identification number is now practically useless without an appropriate additional security code. The security code is, e.g. a three digit random number.
In addition, the invention concerns a system for obtaining and using a payment identification number in a secure way with a wireless communication device in the present invention comprising a first telecommunication network, a wireless communication device connected to the first telecommunication network, a
<Desc/Clms Page number 5>
second telecommunication network, a payment terminal connected to the second telecommunication network, a third telecommunication network, a merchant connected to the second telecommunication network and to the third telecommunication network, a payment system connected to the first telecommunication network and to the third telecommunication network, means for transferring the payment identification number to the payment terminal, means for verifying the validity of the transferred payment identification number and means for charging the account linked to the payment identification number.
In the system of the invention, the wireless communication device comprises means for requesting the payment identification number the request being digitally signed and/or encrypted and the payment system comprises means for sending the payment identification number to the wireless communication device via the first telecommunication network in a message digitally signed and/or encrypted.
In an embodiment of the present invention, the payment system comprises means for restricting the use of the payment identification number.
In an embodiment of the present invention, the first telecommunication network is a mobile telephone network.
In an embodiment of the present invention, the second telecommunication network is the Internet.
In an embodiment of the present invention, the third telecommunication network is a bank payment network.
In an embodiment of the present invention, the wireless communication device is a mobile phone or a PDA.
In an embodiment of the present invention, the payment terminal comprises means for requesting an
<Desc/Clms Page number 6>
additional security code from the wireless communication device.
In addition, the invention concerns a system for obtaining and using a payment identification number in a secure way with a wireless communication device said system comprising a first telecommunication network, a wireless communication device connected to the first telecommunication network, a third telecommunication network, payment terminal connected to the third telecommunication network, a payment system connected to the first telecommunication network and to the third telecommunication network, means for transferring the payment identification number to the payment terminal, means for verifying the validity of the transferred payment identification number and means for charging the account linked to the payment identification number.
In the system of the invention, the wireless communication device comprises means for requesting the payment identification number the request being digitally signed and/or encrypted and the payment system comprises means for sending the payment identification number to the wireless communication device via the first telecommunication network in a message digitally signed and/or encrypted.
In an embodiment of the present invention, the payment system comprises means for restricting the use of the payment identification number.
In an embodiment of the present invention, the first telecommunication network is a mobile telephone network.
In an embodiment of the present invention, the third telecommunication network is a bank payment network.
In an embodiment of the present invention, the wireless communication device is a mobile phone or a PDA.
<Desc/Clms Page number 7>
In an embodiment of the present invention, the payment terminal is a cash teller or a vending machine.
In an embodiment of the present invention, the payment terminal comprises means for requesting an additional security code from the wireless communication device.
As compared with prior art, the invention provides the advantage that there is no need to have any extra software (in either of the two sides - merchant or payment terminal) if doing online shopping on the Internet with a computer. Another benefit is that the system integrates with existing card verification and settlement protocols.
A further advantage of the invention is that stealing of a payment identification number is practically useless because at its best the payment identification number can be used only once.
Yet another advantage of the invention is that the payment identification number can not be used just in online shopping but also in conventional credit card paying.
Yet another advantage of the invention is its mobility. The payment identification number can be requested anywhere within the wireless telecommunication network coverage area.
LIST OF ILLUSTRATIONS In the following section, the invention will be described in detail by the aid of a few examples of its embodiments, wherein: Fig. 1 presents a preferred system in which a method according to the invention can be implemented, Fig. 2 presents a preferred system in which a method according to the invention can be implemented, and
<Desc/Clms Page number 8>
Fig. 3 presents a flow diagram representing a p: ferred example of the method of the invention. DETAILED-DESCRIPTION OF THE INVENTION Fig. 1 illustrates a preferred system in which a method according to the invention can be implemented. The system comprises a wireless communication device MS connected to a first telecommunication network NET1. Also the payment system BANK is connected to the first telecommunication network NET1. In a preferred embodiment of the invention the wireless communication device MS is a mobile phone. It can also be a PDA or any other wireless device. The first telecommunication network NET1 is preferably a mobile telephone network, e.g. GSM (GSM, Global System for Mobile communication) network. The system comprises also a payment terminal PT and a merchant MERC connected to the second telecommunication network NET2. In a preferred embodiment of the invention the second telecommunication network NET2 is the Internet. The merchant is connected to the third telecommunication network NET3 which is preferably a bank payment network, e.g. VisaNet network or Veriphone network. Through the payment network NET3 the merchant MERC can authorise credit card numbers.
The mobile phone MS comprises means TU for transferring the payment identification number to the payment terminal PT. If the payment terminal PT is a normal computer, the payment identification number can be input into the computer PT, e.g. through a keyboard or through some wireless interface, e.g. infrared transmission or Bluetooth. The mobile phone MS also comprises means RU for requesting the payment identification number the request being digitally signed and/or encrypted. The request is transferred to the payment system BANK via the mobile telephone network
<Desc/Clms Page number 9>
NET1. The request can be in the form of a short message or in another appropriate form.
The payment identification number and other order related information is input into the computer PT and transferred to the merchant MERC via the Inter- net NET2. The merchant MERC comprises means CU for verifying the validity of the payment identification number and means SU for requesting an additional security code from the wireless communication device. The verification is a carried out through the payment network NET3. The payment identification number is related to certain account number the account having, e.g. certain credit limit or other restrictions. After the verification procedure the payment system BANK sends an authorisation reply to the merchant MERC.
The payment identification number is just like a normal credit card number. It has the same format and number of digits as a regular credit card. When a merchant wants to authorise the payment identification number it is done in the same way as traditional credit card authorisation. Alternatively, the payment identification number may be in the form of a bank account number or some other appropriate form.
The payment system BANK comprises means PU for charging the account related to the payment identification number and means LU for restricting the use of the payment identification number. The payment identification number may be used only once. In another embodiment of the invention, the payment identification number can be used until a predefined credit limit is exceeded. In another embodiment of the invention, the use of the payment identification number is tied to a certain merchant identity. The payment system BANK comprises also means MU for sending the payment identification number to the mobile phone MS via the mobile telephone network NET1 in a message digitally signed and/or encrypted. The message can
<Desc/Clms Page number 10>
contain also other information, e.g. about the credit limit and/or the validity period of the payment identification number.
Fig. 2 illustrates another preferred system in which a method according to the invention can be implemented. The system comprises a wireless communication device MS connected to a first telecommunication network NET1. Also the payment system BANK is connected to the first telecommunication network NET1. In a preferred embodiment of the invention, the wireless communication device MS is a mobile phone. It can also be a PDA or any other wireless device. The first telecommunication network NET1 is preferably a mobile telephone network, e.g. GSM network. The system comprises also a payment terminal PT connected to the third telecommunication network NET3. In a preferred embodiment of the invention, the third telecommunication network NET3 is a bank payment network, e.g. VisaNet network or Veriphone network. Through the payment network NET3 credit card numbers can be authorised.
The mobile phone MS comprises means RU for requesting the payment identification number the request being digitally signed and/or encrypted. The request is transferred to the payment system BANK via the mobile telephone network NET1. The request can be in the form of a short message or in another appropriate form. The mobile phone MS comprises also means TU for transferring the payment identification number to the payment terminal PT.
In a preferred embodiment of the invention, the payment terminal PT is a cash teller or a vending machine. The payment identification number can be transferred to the payment terminal PT, e.g. via a wireless interface, e.g. infrared transmission or Blu- etooth. The payment identification number can be transmitted to the payment terminal also manually,
<Desc/Clms Page number 11>
e.g. by reading the payment identification number from the display of the mobile phone MS and inputting it into the payment terminal PT.
The payment terminal PT comprises means CU for verifying the validity of the payment identification number and means SU for requesting an additional security code from the wireless communication device. The verification is carried out through the payment network NET3. The payment identification number is related to certain account number the account having, e.g. certain credit limit or other restrictions. After the verification procedure the payment system BANK sends an authorisation reply to the payment terminal PT.
The payment system BANK comprises means. PU for charging an account related to the payment identification number and means LU for restricting the use of the payment identification number. The payment identification number may be used only once. In another embodiment of the invention, the payment identification number can be used until a predefined credit limit is exceeded. In another embodiment of the invention, the use of the payment identification number is tied to a certain merchant identity. The payment system BANK comprises also means MU for sending the payment identification number to the mobile phone MS via the mobile telephone network NET1 in a message digitally signed and/or encrypted. The message can contain also other information, e.g. about the credit limit and/or the validity period of the payment identification number.
Fig. 3 presents a flow diagram representing a preferred example of the method of the invention. In order to acquire a payment identification number, the wireless communication device MS sends a request to the payment system BANK, arrows la and 1b. The payment identification number refers to a credit card like
<Desc/Clms Page number 12>
number which can be used just like credit card is used, although the payment identification number's validity has certain restrictions. The wireless communication device MS is preferably a mobile phone or a PDA. The digitally signed and/or encrypted request is transferred to the payment system BANK in the form of a short message via the first telecommunication network NET1 which is preferably a m pile telephone.net- work. However, this is only one example of the form of the request and telecommunication network used and thus other combinations can be used as well.
The request contains, e.g. user identification data, an account number and/or account limit information. The payment system BANK receives the request and assigns the user a payment identification number. The payment identification number may be valid for only one transaction. There may be other restrictions, too in using the payment identification number. It can be defined that the payment identification number is usable within certain time limits and/or the use of the payment identification number is tied to a certain merchant identity. Sometimes it might be reasonable to set a credit limit within which the same payment identification number can be used more than once.
The payment system BANK sends the payment identification number to the wireless communication device MS, arrows 2a and 2b. The message may contain also other information than the payment identification number, e.g. information about the validity and credit limit. The messages between the wireless communication device MS and the payment system BANK are preferably digitally signed and/or encrypted. In this manner integrity and confidentiality are achieved. In a preferred embodiment of the invention, signing and en- cryption are based on public key cryptography (PKC).
<Desc/Clms Page number 13>
The wireless communication device MS transfers or the user inputs the received payment identification number into the payment terminal PT. Also some other order related information may be input into the payment terminal PT. A11 the information is transferred to the merchant MERC via the second telecommunication network NET2 which is preferably the Inter- net, arrows 3a and 3b. The merchant MERC verifies the validity of the payment identification number. The verification request is sent to the payment system BANK via the payment network NETS, arrows 4a and 4b. The payment identification number is related to a certain account number the account having e.g. certain credit limit or other restrictions. The payment system BANK checks if the payment identification number meets all the requirements addressed to it. The payment system BANK sends an authorisation reply to the merchant MERC, arrows 5a and 5b.
The above mentioned examples may comprise also other actions, which improves security. An additional security code may be required from the wireless communication device before the account linked to the payment identification number is charged. The above mentioned procedure provides security because the payment identification number is now practically useless without an appropriate additional security code. The security code is, e.g. a three digit random number. Hence, if someone has somehow been able to acquire the credit card number (payment identification number) illegally, it can not be used without a proper security code. The security code may also include some additional information about the credit limit etc. The wireless communication device is asked, e.g. by phone or short message, to send the security code to the merchant, payment terminal or payment system. The security code in a preferred embodiment varies each time used.
<Desc/Clms Page number 14>
In a preferred embodiment of the Fig. 3, before the account linked to the credit card number is charged, a security code request is sent to the wireless communication device MS. If the response from the wireless communication device MS contains the right security code, the' account linked to the credit card number can now be charged. Although it is described here that the security code checking procedure is carried out by the payment system BANK, it can as well be the me. pant MERC that is responsible for the security code checking procedure.
In a preferred embodiment of the Fig. 3, the payment identification number refers to a security code. In order to acquire the security code, the wireless communication device MS sends a request to the payment system BANK, arrows la and 1b. The request contains, e.g. user identification data, an account number and/or account limit information. The payment system BANK receives the request and assigns the user a security code. The security code is valid for only one transaction and is, e.g. a three digit random number. There may be other restrictions, too in using the security code. It can be defined that the security code is usable within certain time limits and/or the use of the security code is tied to a certain merchant identity. The payment system BANK sends the security code to the wireless communication device MS, arrows 2a and 2b. It can also be arranged that the user receives more than one security code in response to the request. In doing so, it is not necessary to send a request for a security code so often.
Therefore, when a user wants to make an order, the wireless communication device MS transfers or the user inputs his/her fixed credit card number into the payment terminal PT. Also some other order related information may be input into the payment terminal PT. All the information is transferred to the merchant
<Desc/Clms Page number 15>
MERC via the second telecommunication network NET2 which is preferably the Internet, arrows 3a and 3b. The merchant MERC verifies the validity of the credit card number.
The verification request is sent to the payment system BANK via the payment network NET3, arrows 4a and 4b. Before the account linked to the credit card number is charged, a security code request is sent to the wireless communication device MS. If the response from the wireless communication device MS contains the right security code, the account linked to the credit card number can now be charged. The payment system BANK sends an authorisation reply to the merchant MERC, arrows Sa and 5b. Although it is described here that the security code checking procedure is carried out by the payment system BANK, it can as well be the merchant MERCH that is responsible for the checking procedure.
The invention is not restricted to the examples of its embodiments described above, instead many variations are possible within the scope of the inventive idea defined in the claims.
<Desc/Clms Page number 16>

Claims (22)

  1. CLAIMS 1. Method for obtaining and using a payment identification number in a secure way with a wireless communication device, said method comprising the steps of: the payment identification number is transferred to a payment terminal; the validity of transferred payment identification number is verified; the account linked to the payment identification number is charged if the payment identification number is valid, c h a r a c t e r i z e d in that before the above mentioned steps the method further comprises the steps of a request for the payment identification number is sent from the wireless communication device the request being digitally signed and/or encrypted; and in response to the request the payment identification number is sent to the wireless communication device from a payment system in a digitally signed and/or encrypted message.
  2. 2. Method as defined in claim 1, char a c t e r i zed in that said request sent from the wireless communication device comprises user identification data, an account number and/or account limit information.
  3. 3. Method as defined in claims 1 and 2, c h a r a c t e r i zed in that public key cryptography is used in signing and encrypting messages.
  4. 4. Method as defined in claims 1 - 3, c h a r a c t e r i zed in that the payment identification number can be used only once.
  5. 5. Method as defined in claims 1 - 4, c h a r a c t e r i zed in that the payment identification number can be used until a predefined credit limit is exceeded.
    <Desc/Clms Page number 17>
  6. 6. Method as defined in claims 1 - 5, c h a r a c t e r i zed in that the use of the payment identification number is tied to a certain merchant identity.
  7. 7. Method as defined in claims 1 - 6, c h a r a c t e r i zed in that the digitally signed and/or encrypted message sent to the wireless telecommunication device comprises information about the available credit limit and/or validity period.
  8. 8. Method as defined in claims 1 - 7, c h a r a c t e r i zed in that an additional security code is required from the wireless communication device before the account linked to the payment identification number is charged.
  9. 9. System for obtaining and using a payment identification number in a secure way with a wireless communication device, said system comprising: a first telecommunication network (NET1); a wireless communication device (MS) connected to the first telecommunication network (NET1); a second telecommunication network (NET2); payment terminal (PT) connected to the second telecommunication network (NET2); a third telecommunication network (NET3); a merchant (MERC) connected to the second telecommunication network (NET2) and to the third telecommunication network (NET3); a payment system (BANK) connected to the first telecommunication network (NET1) and to the third telecommunication network (NET3); means (TU) for transferring the payment identification number to the payment terminal (PT); means (CU) for verifying the validity of the transferred payment identification number; means (PU) for charging the account linked to the payment identification number, c h a r a c t e r i z e d in that
    <Desc/Clms Page number 18>
    the wireless communication device (MS) comprises means (RU) for requesting the payment identification number the request being digitally signed and/or en- crypted; and the payment system comprises means (MU) for sending the payment identification number to the wireless communication device (MS) via the first telecommunication network (NET1) in a message digitally signed and/or encrypted.
  10. 10. System as defined in claim 9, c h a r a c t e r i zed in that the payment system (BANK) comprises means (LU) for restricting the use of the payment identification number.
  11. 11. System as defined in claims 9 and 10, c h a r a c t e r i z e d in that the first telecommunication network (NET1) is a mobile telephone network.
  12. 12. System as defined in claims 9 - 11, c h a r a c t e r i zed in that the second telecommunication network (NET2) is the Internet.
  13. 13. System as defined in claims 9 - 12, c h a r a c t e r i zed in that the third telecommunication network (NET3) is a bank payment network.
  14. 14. System as defined in claims 9 - 13, c h a r a c t e r i z e d in that the wireless communication device (MS) is a mobile phone or a PDA.
  15. 15. System as defined in claims 9 - 14, c h a r a c t e r i zed in that the system comprises means (SU) for requesting an additional security code from the wireless communication device (MS).
  16. 16. System for obtaining and using a payment identification number in a secure way with a wireless communication device, said system comprising: a first telecommunication network (NET1); a wireless communication device (MS) connected to the first telecommunication network (NET1); a third telecommunication network (NET3);
    <Desc/Clms Page number 19>
    payment terminal (PT) connected to the third telecommunication network (NET3); a payment system (BANK) connected to the first telecommunication network (NET1) and to the third telecommunication network (NET3); means (TU) for transferring the payment identification number to the payment terminal (PT); means (CU) for verifying the validity of the transferred payment identification number; means (PU) for charging the account linked to the payment identification number, c h a r act e r i z e d in that the wireless communication device (MS) comprises means (RU) for requesting the payment identification number the request being digitally signed and/or en- crypted; and the payment system comprises means (MU) for sending the payment identification number to the wireless communication device (MS) via the first telecommunication network (NET1) in a message digitally signed and/or encrypted.
  17. 17. System as defined in claim 16, c h a r a c t e r i zed in that the payment system (BANK) comprises means (LU) for restricting the use of the payment identification number.
  18. 18. System as defined in claims 16 and 17, c h a r a c t e r i zed in that the first telecommunication network (NET1) is a mobile telephone network.
  19. 19. System as defined in claims 16 - 18, c h a r a c t e r i z e d in that the third telecommunication network (NET3) is a bank payment network.
  20. 20. System as defined in claims 16 - 19, c h a r a c t e r i zed in that the wireless communication device (MS) is a mobile phone or a PDA.
  21. 21. System as defined in claims 16 - 20, c h a r a c t e r i zed in that the payment terminal (PT) is a cash teller or a vending machine.
    <Desc/Clms Page number 20>
  22. 22. System as defines in claims 16 - 21, c h a r a c t e r i z e d in that the system comprises means (SU) for requesting an additional security code from the wireless communication device (MS).
GB0021671A 2000-09-04 2000-09-04 Secure electronic payment system Withdrawn GB2366432A (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
GB0021671A GB2366432A (en) 2000-09-04 2000-09-04 Secure electronic payment system
FI20002734A FI20002734A (en) 2000-09-04 2000-12-13 Payment system
AU2001284074A AU2001284074A1 (en) 2000-09-04 2001-09-03 Payment system
EP01963021A EP1348185A1 (en) 2000-09-04 2001-09-03 Payment system
PCT/FI2001/000759 WO2002021354A1 (en) 2000-09-04 2001-09-03 Payment system
AU2001284077A AU2001284077A1 (en) 2000-09-04 2001-09-04 Virtual payment card
PCT/FI2001/000763 WO2002021767A1 (en) 2000-09-04 2001-09-04 Virtual payment card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB0021671A GB2366432A (en) 2000-09-04 2000-09-04 Secure electronic payment system

Publications (2)

Publication Number Publication Date
GB0021671D0 GB0021671D0 (en) 2000-10-18
GB2366432A true GB2366432A (en) 2002-03-06

Family

ID=9898799

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0021671A Withdrawn GB2366432A (en) 2000-09-04 2000-09-04 Secure electronic payment system

Country Status (5)

Country Link
EP (1) EP1348185A1 (en)
AU (2) AU2001284074A1 (en)
FI (1) FI20002734A (en)
GB (1) GB2366432A (en)
WO (2) WO2002021354A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2399209A (en) * 2003-03-06 2004-09-08 Fortunatus Holdings Ltd Secure transaction system
EP1489539A1 (en) * 2002-03-28 2004-12-22 Matsushita Electric Industrial Co., Ltd. Service processing device and processing support device
WO2009128072A1 (en) * 2008-04-17 2009-10-22 Uri Halevi Smart card for safer credit transactions
WO2009138848A2 (en) * 2008-05-14 2009-11-19 Fundamo (Pty) Ltd Mobile commerce payment system

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8229855B2 (en) 2002-08-27 2012-07-24 Jean Huang Method and system for facilitating payment transactions using access devices
US7280981B2 (en) * 2002-08-27 2007-10-09 Visa U.S.A. Inc. Method and system for facilitating payment transactions using access devices
US7024396B2 (en) 2003-12-10 2006-04-04 Ncr Corporation Transaction system and method of conducting a point-of-sale transaction between a merchant and a consumer using a wireless platform
EP1709566A4 (en) * 2004-01-23 2007-07-18 Mastercard International Inc System and method for secure telephone and computer transactions
US8843931B2 (en) 2012-06-29 2014-09-23 Sap Ag System and method for identifying business critical processes
US7603131B2 (en) 2005-08-12 2009-10-13 Sellerbid, Inc. System and method for providing locally applicable internet content with secure action requests and item condition alerts
ZA200708638B (en) * 2005-04-05 2009-01-28 Standard Bank Of South Africa A method of authenticating a user of a network terminal device and a system therefor
GB0510255D0 (en) 2005-05-19 2005-06-29 Ramakrishna Madhusudana Method and apparatus to embed distinguishing tags or raw data within existing data
WO2008154872A1 (en) * 2007-06-20 2008-12-24 China Unionpay Co., Ltd. A mobile terminal, a method and a system for downloading bank card information or payment application information
CZ2007504A3 (en) * 2007-07-26 2008-07-02 Direct Pay, S.R.O. Method of making payment transaction by making use of mobile terminal
WO2012030836A2 (en) * 2010-09-03 2012-03-08 Visa International Service Association Protecting express enrollment using a challenge
CN107464109B (en) * 2017-07-28 2020-10-20 中国工商银行股份有限公司 Trusted mobile payment device, system and method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI100137B (en) * 1994-10-28 1997-09-30 Vazvan Simin Real-time wireless telecom payment system
GB2328310B (en) * 1996-05-15 1999-12-08 Ho Keung Tse Electronic transaction apparatus and method therefor
TW355899B (en) * 1997-01-30 1999-04-11 Qualcomm Inc Method and apparatus for performing financial transactions using a mobile communication unit
FI109505B (en) * 1997-03-24 2002-08-15 Fd Finanssidata Oy Use of banking services in a digital cellular radio system
CA2303893A1 (en) * 1997-09-17 1999-03-25 Akos Andrasev Method for checking rightful use of a debit card or similar means giving right of disposing of a bank account
SE516066C2 (en) * 1999-01-20 2001-11-12 Netcom Ab Method, system and network node for providing services on the Internet
AU2569400A (en) * 1999-02-18 2000-09-04 Orbis Patents Limited Credit card system and method
WO2000062214A1 (en) * 1999-04-08 2000-10-19 Cleartogo.Com Credit card security technique
FI112286B (en) * 2000-01-24 2003-11-14 Smarttrust Systems Oy Payment service apparatus and secure payment procedure
WO2001055921A1 (en) * 2000-01-28 2001-08-02 Fundamo (Proprietary) Limited Personal information data storage system and its uses
EP1253564A3 (en) * 2000-04-19 2002-12-11 Magicaxess Method and apparatus for electronic payment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5883810A (en) * 1997-09-24 1999-03-16 Microsoft Corporation Electronic online commerce card with transactionproxy number for online transactions

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1489539A1 (en) * 2002-03-28 2004-12-22 Matsushita Electric Industrial Co., Ltd. Service processing device and processing support device
EP1489539A4 (en) * 2002-03-28 2009-08-19 Panasonic Corp Service processing device and processing support device
GB2399209A (en) * 2003-03-06 2004-09-08 Fortunatus Holdings Ltd Secure transaction system
GB2399209B (en) * 2003-03-06 2006-09-13 Fortunatus Holdings Ltd Secure transaction system
WO2009128072A1 (en) * 2008-04-17 2009-10-22 Uri Halevi Smart card for safer credit transactions
WO2009138848A2 (en) * 2008-05-14 2009-11-19 Fundamo (Pty) Ltd Mobile commerce payment system
WO2009138848A3 (en) * 2008-05-14 2010-11-25 Fundamo (Pty) Ltd Mobile commerce payment system
US9280769B2 (en) 2008-05-14 2016-03-08 Visa Cape Town (Pty) Ltd. Mobile commerce payment system
US10489782B2 (en) 2008-05-14 2019-11-26 Visa International Service Association Mobile commerce payment system
US10489783B2 (en) 2008-05-14 2019-11-26 Visa International Service Association Mobile commerce payment system
US11481767B2 (en) 2008-05-14 2022-10-25 Visa International Service Association Mobile commerce payment system

Also Published As

Publication number Publication date
FI20002734A0 (en) 2000-12-13
AU2001284077A1 (en) 2002-03-22
FI20002734A (en) 2002-03-05
GB0021671D0 (en) 2000-10-18
WO2002021767A1 (en) 2002-03-14
EP1348185A1 (en) 2003-10-01
AU2001284074A1 (en) 2002-03-22
WO2002021354A1 (en) 2002-03-14

Similar Documents

Publication Publication Date Title
US7379920B2 (en) System and method for facilitating electronic financial transactions using a mobile telecommunication device
US6950939B2 (en) Personal transaction device with secure storage on a removable memory device
RU2292589C2 (en) Authentified payment
US20010047335A1 (en) Secure payment method and apparatus
US20030069792A1 (en) System and method for effecting secure online payment using a client payment card
US20040070566A1 (en) Card present network transactions
JP2004527861A (en) Method for conducting secure cashless payment transactions and cashless payment system
WO2002039342A1 (en) Private electronic value bank system
GB2361790A (en) Making secure payments using a limited use credit card number
KR980004159A (en) Wireless network electronic transaction system using wireless communication terminal
GB2366432A (en) Secure electronic payment system
US20190347661A1 (en) Coordinator managed payments
US20070118749A1 (en) Method for providing services in a data transmission network and associated components
US20040039709A1 (en) Method of payment
US20020164031A1 (en) Devices
KR20020006189A (en) Method and system for notifying transaction and billing process using a card
KR20020000911A (en) Method and system for servicing debit commerce by using mobile communication network
JP4903346B2 (en) Improved method and system for processing secure payments across computer networks without pseudo or proxy account numbers
AU2004312730B2 (en) Transaction processing system and method
CN107636664A (en) For to the method and system of mobile device supply access data
KR20020071587A (en) Payment and issue of receipt method using some of credit information
KR100458526B1 (en) System and Method for the wire·wireless complex electronic payment
KR20040055843A (en) System and Method for Payment by Using Authorized Authentication Information
KR20060049057A (en) An authentication and settlement method for electronic commerce
EP1396139B1 (en) Method and systems for improving security in data communication systems

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)