RU2321060C1 - Method for conduction of payments by users of mobile communications - Google Patents

Abstract

FIELD: cashless payments in telecommunication networks, possible use for providing goods and services to client of mobile communications.

SUBSTANCE: in the method, during selection of goods and services at web site of seller in communications network the client of communication network inputs his phone number, on receipt of which a transaction is initiated at the server of mobile communications operator, when transaction is opened, communications operator dispatches an SMS-message which contains code of transaction, information about goods and conditions of payment, to the client of communications, after that the client inputs aforementioned data into a field at the site of seller, confirming that the immediate owner of the phone performs given order using the site and agrees to conditions of payment. Given code is transmitted by the seller to communications operator, where code is checked and when it is correct, money is transferred from network client account to the seller and SMS-message is transmitted to the client with notification of sum and subject of operation.

EFFECT: increased accessibility of electronic payment system in telecommunication networks due to usage of financial resources of a client which are deposited in mobile communication company, and also to increase protection from unsanctioned access.

9 cl, 4 dwg

Description

The present invention relates to a method for paying for goods and services by a subscriber of a cellular communication company using the funds in his account with this cellular communication company.

The prerequisite of this invention is the massive use of mobile cellular communications, functioning with a prepaid communication service system, the widespread availability of Internet access points, the commercial need for the distribution of electronic cashless payment systems in electronic communications networks.

There are several main types of payment systems:

- payment based on credit cards;

- web-based electronic payment systems;

- Combined systems combining the use of a credit card as a means of payment and an account management tool in the form of a mobile access terminal.

The patent specification (RU 2263347 / C2, G06F 17/60, H04M 3/42, publication date 2005.10.27) discloses a method of cashless payment by users of mobile devices. According to this method, a user sends a payment type and a payment amount from a mobile device before making a payment. In this method, to protect the user from erroneous actions when managing his account, the system server feedbacks with the subscriber with the transfer of information about the payment terms to the mobile device.

The disadvantage of the analogue is the requirement of registration through the payment organization included in this system. Thus, the necessary level of transferring the functionality of electronic payments to the field of information technology is not provided, shifting to the user of this system the tasks of interaction with banking institutions.

The patent specification (RU 2191482 / C1, 7 H04 M 3/50, H04Q 7/22, G06F 17/60, publication date 2002.10.20) discloses a system for selling goods and services using mobile radio communications. Subscribers enter the offer identification into the mobile terminal and send it as SMS messages via the short message service (SMS) to the service station, where the subscriber’s identification and the offer’s identification are compared. When the application is executed, a message is sent to the seller and the subscriber.

The disadvantage of the analogue is the difficulty for the subscriber to manage his account using structured SMS messages. The operator provides users with multi-page instructions for using the present invention, which does not allow the use of this technology to a large number of untrained users.

The closest in technical essence and the achieved result to the claimed one is a patent (RU 2273049 / C2, 7 G06Q 30/00, publication date 2006.03.27), according to which the user sends a payment request and payment parameters from the mobile device to the payment center.

The disadvantage of the analogue is the requirement to replenish accounts through commercial banks, by purchasing special prepaid cards, through cash transfers through post offices, in some cases it is necessary to fax printed and signed documents to the electronic payment provider.

Thus, the disadvantages of existing payment systems are the need to interact with a banking organization to open and replenish an account, the difficulty of managing an account using structured SMS messages.

The objective of the invention is to simplify non-cash payments by mobile cellular users in telecommunication networks by creating an electronic payment system that does not require users of the cellular network to undergo additional registration of accounts with a banking institution and on the websites of organizations.

The problem is solved by the method of electronic payment in electronic communication systems using a mobile communication terminal, a computer connected to telecommunications networks, and using the SMS short message service, which, unlike the prototype, uses the account of a cellular company as a means of payment sellers provide goods and services through websites, then in the process of selecting goods and services by a subscriber, organizations providing them, based on the entered abone With this phone number, they initiate a transaction on the server of the mobile operator, having opened the transaction, the telecom operators send an SMS message containing the transaction code, information about the product and payment terms, to the communication subscriber, which the subscribers enter in the field on the seller’s website, thereby confirming that the direct owner The phone carries out this order on the site, and confirms its acceptance of the payment terms, then the seller transfers this transaction code to the telecom operator, where they verify this code and, if it is correct , make a transfer from the subscriber’s account to the seller, send an SMS message to the subscriber indicating the amount and subject of the transaction.

In addition, a mobile access terminal, a computer connected to the Internet and an Internet browser can be used as part of the subscriber’s software and hardware.

The terminal can be a cell phone, communicator, smartphone. All models available on the market support the work with the SMS short message service, which allows the subscriber to receive SMS messages up to 160 characters long. To transmit, you must configure the terminal to connect to the short message service center of the mobile provider. This setting is usually carried out at the time of purchase by the subscriber of the terminal.

The work of the subscriber is carried out using the HTTPS protocol, which is an extension of the HTTP protocol that supports encryption functions. Encryption is provided using the SSL cryptographic protocol, TCP port 443 is used for data transfer. When it is used, a secure connection between the client and server is created, public key encryption is used to confirm the authenticity of the transmitter and the receiver, the reliability of data transmission is supported by the use of correction codes and secure hash functions. Since encryption / decryption operations require a lot of computing resources to reduce the load on web servers, hardware SSL accelerators are used.

HTTPS is supported by all modern Internet browsers. Recommended browsers: Internet Explorer, Mozilla Firefox, Opera, Safari, Netscape Navigator. It is possible to use text browsers with very low requests for the hardware of the subscriber's computer: Lynx, Links, W3M.

In addition, the seller’s software and hardware includes a hardware and software web server — a server containing a site that is a user interface for a payment transaction. It also includes software that is responsible for providing browsers access to this site on demand and operating over the HTTPS protocol. Today, the most common web servers are: Apache, IIS, nginx. The software contains a library for interaction with the web server of the telecom operator.

The software of the telecommunications operator includes a hardware server, a web server with support for web services.

In addition, web services can be used to communicate between the carrier and the seller. The advantage of using web services in the process of information interaction is independence from the hardware and software platform, the use of open data exchange standards, the ability to use the https protocol, which allows organizing communication of software systems through a firewall.

In addition, a pseudo-random code sent from the telecom operator to the subscriber can be generated using a pseudo-random number generator. Most simple arithmetic generators, although they have a high speed, but have drawbacks: too short a period, dependence between successive values, uneven distribution, reversibility. Therefore, a combination of a pseudo-random number generator with an external source of entropy is used. Examples of pseudo-random number generators with an entropy source: / dev / random (entropy source processor clock counter), Microsoft CryptoAPI (current time entropy source, hard disk size, free memory size, process identifier), Java SecureRandom (entropy source interaction between threads).

Other features, advantages and properties of the invention are explained in the following description of embodiments with reference to the drawings, in which:

figure 1 - the process of payment by a subscriber of goods and services using an account in a cellular company;

figure 2 - block diagram of a sequence of operations for interaction between a subscriber, operator and organization providing goods and services;

figure 3 is a block diagram of a decision on the server of the telecom operator during authentication of the subscriber during the payment;

4 is a block diagram of the interaction between the operator’s web server, the web server of the organization providing goods and services, and the subscriber’s browser.

Figure 1 presents an example of a specific implementation of a method of payment by a subscriber of goods and services using a user account in a cellular company. The arrows indicate the information flows between the subjects of a given payment transaction: subscriber, telecom operator and seller.

(1) A subscriber of a cellular company selects goods and services payable on the organization’s website. Enter your cell phone number.

(2) The seller transmits to the telecom operator information about the buyer: a cell phone number, information on payment terms and a description of the goods.

(3) The telecom operator generates an SMS message with the transaction code, payment terms, product description, and sends it to the subscriber in accordance with the phone number.

(4) The subscriber enters this code on the seller’s website, thereby confirming the buyer's authorship and his consent to the payment terms and description of the goods.

(5) The seller redirects the code to the operator using web services. The operator reconciles the transaction code generated and transmitted to the subscriber and the code transmitted from the subscriber to the seller.

(6) In case of successful verification, an SMS message is sent to the subscriber (6.1), money is transferred from the subscriber’s account to the seller’s account, the transaction completion code using web services is transmitted to the organization providing the goods and services (6.2).

(7) The seller provides services for the provision of goods and services.

Figure 2 presents a diagram of information flows in the process of a subscriber ordering goods and services on a supplier’s website and interacting with a website of a telecom operator.

In addition, this architecture provides protection of the subscriber’s account from the actions of intruders, as the code is transmitted directly to the mobile subscriber on the mobile access terminal, then this code is compared with the reference code on the side of the mobile operator, so the seller is excluded from the decision-making process on the authentication of the subscriber.

If a subscriber enters an erroneous number, the owner of this erroneous number will also not be able to use the subscriber’s account, because, firstly, the operation will be performed with the wrong number, and secondly, the operation will be interrupted due to the transaction being associated with the transaction session identifier, which is associated with directly with the personal computer of the subscriber.

In addition, to eliminate the possibility of enumerating codes by an attacker, restrictions on the validity period of this code and restrictions on input attempts can be introduced (Fig. 3). After violations of these requirements, the session is automatically canceled, when the subscriber tries again to make a purchase, a new transaction code is generated and the cycle repeats.

Figure 4 shows a diagram of a web server using an organization providing goods and services of web services provided by a web server of a mobile operator for conducting a payment transaction. It includes a request to open a transaction by phone number, a request for the correspondence of the code entered by the subscriber with the transaction identifier, as well as sending the transaction code by the telecom operator’s server via SMS to the subscriber and entering the code by the subscriber on the website of the goods and services provider.

Thus, this system is easy to use by subscribers of a cellular network. The system is protected from malicious activities. The process of interaction between a cellular communication company and an organization providing goods and services is hidden from the user and provides him with maximum comfort in making financial transactions.

Claims (9)

1. A method of making electronic payment in electronic communication systems using a mobile communication terminal, a computer connected to telecommunication networks, and using the SMS short message service, characterized in that the subscriber’s account is used as a means of payment, while sellers provide goods and services through websites, then in the process of selecting goods and services by the subscriber of the organization, providing them, on the basis of the phone number entered by the subscriber, initiate the transaction on the server of the mobile operator, having opened the transaction, the telecom operators send an SMS message containing the transaction code, information about the product and payment terms, to the communication subscriber, which the subscribers enter in the field on the seller’s website, confirming that the direct owner of the phone carries out this order for website, and confirm its agreement with the terms of payment, then sellers transfer this transaction code to the operator, where they verify this code and, if it is correct, transfer funds from the subscriber’s account to the parent, send an SMS message to the subscriber indicating the amount and subject of the transaction. 2. The method according to claim 1, characterized in that the subscriber’s software and hardware include a mobile access terminal, a computer connected to the Internet, and an Internet browser. 3. The method according to claim 1, characterized in that the interaction between the telecom operator and the seller is carried out using web services. 4. The method according to claim 1, characterized in that a pseudo-random number generator with an external source of entropy is used to generate a transaction code. 5. The method according to claim 1, characterized in that the subscribers use simple messages sent using a computer connected to a telecommunication network. 6. The method according to claim 1, characterized in that the interaction is configured by the mobile operator and the organization providing the goods and services, subscribers use this method without making settings and registration. 7. The method according to claim 1, characterized in that the organizations providing goods and services do not have access to the code confirming the payment and are excluded from the decision-making process for authenticating the subscriber. 8. The method according to claim 1, characterized in that the restriction of attempts by the subscriber to enter the transaction code on the website of the supplier of goods and services is introduced. 9. The method according to claim 1, characterized in that for the transaction confirmation procedure, the subscriber sets a time limit.

Images