RU2575805C2 - Method of controlling state of object using mobile device and system therefor - Google Patents

Abstract

FIELD: physics; control.

SUBSTANCE: group of inventions relates to means of controlling the state of an object using a mobile device. The disclosed method of controlling the state of an object using a mobile device includes using a control signal to change the state of the object, authorising the said signal and verifying the mobile device from which the control signal was received, and changing parameter values of the state of the object based on the verification, wherein the control of the state of the object and the use of the object are spaced apart in time and channels. A system for carrying out the said method is also disclosed.

EFFECT: enabling the control of the state of an object which is or is not a financial product, safer control of the state of the object, reducing the probability of fraud by using different channels for controlling and requesting information on the state of the object, high reliability and safety of the system by storing confidential information on the object separately from information on its state.

15 cl, 2 dwg

Description

The invention relates to methods and systems for administrative, commercial, financial purposes, in particular to means for controlling the state of an object using a mobile device over wireless networks.

Banks and other financial institutions have always paid great attention to the security of payments, in particular those made using bank cards. For this, in addition to the usual PIN-code, various additional methods are used to limit and authorize transactions, identify a user, including using a mobile phone. Mobile phones, in turn, have become an integral part of the life of a modern person and are increasingly used not only for communication, but also for other purposes.

Authorization (from the English authorization - permission, authorization) - granting a certain person or group of persons rights to perform certain actions on an object with limited access, as well as the process of checking (confirming) these rights when trying to perform these actions.

As one of the ways to increase the security of a payment transaction, transaction authorization is widely used, for example, through a password or confirmation from a third party directly during the transaction. For example, there is a known method of authorization of transactions (patent US 8019691, IPC G06Q 20/00, priority 09/10/2003, publ. 09/13/2011), including an additional authorization request during the transaction, sent to a third (trusted) party.

The disadvantages of this and similar methods that use authorization during a transaction are: increased transaction processing time, the need for presence and establishment of interaction with a trusted party. As a rule, such schemes are implemented by the financial institutions themselves, which complicates their integration with existing payment systems, reduces the universality of the system, and requires additional development.

To reduce transaction processing time, a preliminary change in the state of the object (financial product) is used. There is a known system and method for managing the state of an object (patent application EP 2357598, IPC G06Q 20/00; priority 01/22/2010 US 297642 P, 01/21/2011 US 11816; publ. 08/17/2011) that allow you to set or change control parameters of an object in advance from using a control signal, and when conducting a transaction, authorize or block it based on an analysis of these parameters.

Such well-known technical solutions do not make it possible to use them for objects that are not related to the financial sphere. In addition, the object is in the active state by default, which does not exclude the possibility of a fraudulent transaction if it meets the control parameters and the control signal itself is not authorized in any way.

As the closest analogue, the method and system for changing the state of the object (application for invention WO 2012025826, IPC G06Q 20/00; priority August 27, 2010 US 61377876, August 26, 2011 US 13219031; publ. 01.03.2012), which allow setting active or blocked the state of the object by the user and change this state if necessary using a mobile phone or other device, the signal from which is additionally authorized.

Like the above, the specified system and method does not allow you to manage the status of non-financial objects, and in addition, the storage of data on the financial product (name and surname of the owner, account number, usage limit, etc.) and its condition (active / blocked) in one place reduces system reliability.

None of the known methods allows you to control the state of an object that is not a financial product, for example, an alarm system for a car or premises, access systems to rooms, including secret ones, to safes, special equipment, etc.

The authors were faced with the task of creating a method and system that could overcome the disadvantages of known solutions and provide the ability to control the state of an object, whether it is a financial product or not, using a mobile device, with additional authorization of each control signal, with the ability to connect to one profile the user of several objects and to one object - several user devices so that the stored information about the state of the object does not contain data s about the object (account number, card number, address, etc.).

The problem is solved in that the proposed method for controlling the state of an object includes the use of a mobile device of a user that has the authority to control the state of the object, and the specified device has an address and the ability to initiate a control signal over wireless networks, receiving the specified control signal from a mobile device of the user over networks wireless communications by means of a signaling network, using a data warehouse including a first database containing address information If the user's mobile device and its profile, and at least one second database containing information about the user’s profile, about the identifier of the object associated with the specified profile, and about the set of values of the state parameters of the specified object, authorization of the control signal by requesting and receiving a password installed on the user’s profile and verification of the mobile device from which the control signal was received, this verification includes extracting information about the address, IMSI and location from the signal network the specified mobile device of the user and the subsequent comparison of the obtained values with the values stored in the user profile, and a change in the set of values of the state parameters of the object associated with the user profile, when the compared values coincide or the control signal deviates when at least one of the compared values does not match, where IMSI is unique identification number of a SIM card subscriber of a wireless network of GSM, UMTS, LTE standards, described by E.212 ITU recommendation. When implementing the proposed method, either a GSM standard, a UMTS standard, or an LTE standard are used as a wireless communication network, and either an OKS-7 network or a VoIP network is used as a signal network. The MSISDN of the user's device is used as the address of the mobile device, while the method of receiving the control signal is selected from the group including USSD, SMS, mobile Internet, a request for establishing a voice call, and the object is selected from the group including, but not limited to, a bank account, account bank card, electronic wallet, alarm device, electronic lock device, digital signature, account, where MSISDN (Mobile Subscriber Integrated Services Digital Number) is the subscriber’s phone number associated with the SIM card with ti wireless communication intended for making and receiving mobile units in GSM networks standards, UMTS, LTE. A user profile includes at least a user ID, a password set on the specified profile, IMSI and location corresponding to at least one address of the user's mobile device.

To implement the proposed method, a system is used to control the state of an object using a mobile device, which includes a control signal processing module, a data warehouse containing a database controller, a first database and at least one second database, a request processing unit of service providers, containing interconnected controller service modules and at least one service module, and a signal data module. The control signal processing module of the proposed system is connected to the database controller and the signal data module and is configured to receive a control signal for changing the state of the object from the user's mobile device via wireless communication networks using the signal network and with the possibility of authorizing the control signal by requesting and receiving the password set on the user profile, and checking the mobile device from which the specified control signal was received, which includes extracting from a signal network of information about the address of the specified mobile device, generating a command to the signal data module to obtain IMSI values and locations for the specified address of the mobile device and then comparing the obtained values with the values stored in the user profile, as well as with the possibility of generating a command to the database controller to change the set of values of the state parameters of the object associated with the profile of the specified user, when the compared values coincide. The control signal processing module of the proposed system is configured to receive a control signal from a user’s mobile device via wireless networks of either GSM standard, or UMTS standard, or LTE standard, using the OKS-7 or VoIP signaling network, using one of the methods from the group including in particular, USSD, SMS, mobile Internet, a request for establishing a voice call. The database controller of the proposed system is connected to the control signal processing module and the service module controller and is configured to place, retrieve and modify data in these databases by command from the control signal processing module and / or service module controller. The data warehouse of the proposed system contains databases, including, in particular, information about the address of the user's mobile device and its profile, about the identifier of the object associated with the specified profile, and about the totality of the state parameters of the specified object. The controller of the service modules of the proposed system is connected to the database controller and is configured to receive and process requests from the service provider to obtain information about the state of the object by receiving the object identifier from the service module, generating a command to the database controller to retrieve the values of the object state parameters corresponding to the specified identifier, and transferring the extracted values to the specified service provider through the corresponding service module, and the specified service module is issued It is capable of connecting and interacting with the specified service provider and transmitting and receiving the object identifier and parameter values of the object corresponding to the identifier using the protocol from the set of TCP / IP network protocols. The signal data module of the proposed system is configured to extract information from the signal processing network from the control signal processing module about the location of the mobile device and the IMSI value corresponding to the address of the mobile device.

The technical result of the invention is to create a method and system that provides:

a) the ability to control the state of the object, whether it is a financial product or not, using a mobile device;

b) improving the security of the process of managing the state of the object by additional authorization of the control signal;

c) reducing the possibility of conducting a fraudulent transaction or other action with an object, achieved through the use of different channels to control the state of the object and request information about the state of the specified object;

d) improving the reliability and security of the system, achieved by storing confidential information about the object separately from information about its condition.

In order to describe the invention, the following concepts are used:

An object is a certain entity (device, program, account, bank account, process, etc.) that has a certain state and an algorithm of behavior, having given values of parameters and operations with them;

Object state - a set of values of object parameters at a given time, determined by the user;

User - an individual or legal entity, or their representatives, or a group of jointly acting persons with the authority to control the state of the facility and having unique identification data, including, but not limited to, the user ID, some electronic address of the mobile device, for example, MSISDN;

Service Provider - an automatic system or device external to the proposed system that performs basic operations with the object or provides access to it for the user based on data on the state of the specified object received from the proposed system. For example, a bank server.

In FIG. 1 shows a block diagram of a system used to implement the proposed method. The system is a combination of software and hardware interacting with each other and consists of the following elements: 1 - control signal processing module, 2 - data storage, 3 - database controller, 4 - database combination, 5 - service provider request processing block, 6 - controller of service modules, 7 - service module of provider A, 8 - service module of provider B, 9 - service module of provider N, 10 - signal data module.

Figure 2 is a block diagram illustrating the implementation of the invention using the proposed system, where 11 is a set of mobile devices of a user, 12 is a wireless communication network, 13 is a provider A, 14 is a provider B, 15 is a provider N.

The control signal processing module 1 of the proposed system is configured to connect to the wireless communication network using ISUP, MAP signal network OKS-7 or H.323, SIP signaling VoIP network, connected to the signal data module 10 and the database controller 3 and executes in particular, the following functions: interaction with the user when receiving a control signal from the user's mobile device via a wireless communication network to change the state of the object; authorization of the specified control signal by requesting the password set on the user profile and checking the mobile device from which the specified control signal was received, this check includes extracting information about the address of the specified mobile device from the corresponding signal network, generating a command to the signal data module 10 to obtain values IMSI and locations for the specified address, subsequent comparison of the received values with the values stored in the user profile; generating a command to the controller 3 databases to change the set of values of the state parameters of the object associated with the user profile, when the compared values coincide, or the control signal is rejected if at least one of the compared values does not match.

Using the control signal processing module 1 for additional authorization of the control signal by requesting a password and checking the mobile device allows controlling the state of the object only from those mobile devices that are associated with the user profile, and only by a person who knows the password set on the specified profile, which provides an increase security of the process of managing the state of the object, as well as expanding management capabilities through interaction with various mobile devices and user.

The data warehouse 2 of the proposed system contains a database controller 3 and a collection of databases 4 containing predefined related information, for example, the address of at least one mobile device of the user and his profile, information about the user profile and the identifier of at least one object associated with the specified profile, and a set of values of the state parameters of at least one object.

The database controller 3 is connected to the control signal processing module 1 and the service module controller 6 and provides the ability to place, retrieve and modify data in the specified databases. The database controller 3 performs, in particular, the following tasks: receiving commands from the control signal processing module 1 to save or change information about the user profile or object state parameters; receiving commands from the controller 6 service modules to retrieve the values of the object state parameters and transfer the extracted information.

The use of data warehouse 2 provides the ability to control the state of an object, whether it is a financial product or not, by creating a user profile and correlating identifiers of various objects and information about their status with it.

The service provider request processing unit 5 contains at least one service module 7 ... 9 and a service module controller 6 connected to the database controller 3 and each service module.

The controller 6 service modules performs the function of receiving from the service provider through the corresponding service module 7 ... 9 the identifier of the object; generating a command to the controller 3 databases to retrieve the values of the state parameters of the object corresponding to the specified identifier; and transmitting the extracted values to the service provider through the corresponding service module.

Service module 7 ... 9 is configured to connect to a service provider and acts as an interface for interacting with a specific provider, including receiving and transmitting a request for the status of an object and negotiating protocols when interacting with various systems of providers. The specified request about the state of the object includes the identifier of the object, which is associated with a specific user profile in the database. This identifier serves for the purpose of determining the corresponding user and object profile and does not contain any data about the object itself (account number, card number, address, etc.).

Using the block 5 for processing requests from service providers reduces the possibility of fraudulent transactions or other actions on the object, since the request for the state of the object from the service provider is received on a channel other than the channel through which the user controls the state of the object, in addition, to control the state The object and the request for this state use a predefined identifier that does not contain information about the object itself (bank card number, address, bank number females, etc.), which allows to exclude the transfer of this information through communication channels during the transaction.

The signal data module 10 is connected to the control signal processing module 1 and is configured to connect to the OKS-7 or VoIP signaling networks and extract from the signaling networks information about the location of the mobile device and IMSI values corresponding to the address of the mobile device, for example, by sending to the network MAP request SRI-for-SM or ATI request, where MAP (Mobile Application Part) - standardized, 3GPP TS 29.002, a protocol for the interaction of wireless network infrastructure elements with some nodes of wireless operator networks Communications, SRI-for-SM (SEND-ROUTING-INFO-FOR-SM) - operation specified by ETSI TS 129 002 / 3GPP TS 29.002, ATI (Any Time Interrogation) - operation specified by 3GPP TS 29.002 (MAP specification).

The use of signal data module 10 affects the safety of the process of managing the state of the object, as it provides the ability to obtain information about the IMSI and the location of the mobile device for checking it. It is known that there are fraudulent ways to generate voice calls and SMS by substituting MSISDN, while substituting IMSI is technically much more complicated.

The following describes one embodiment of the proposed method using the proposed system.

Interaction with the user when creating the profile and saving the state parameters of the object is not included in the proposed technical solution and is mentioned in the description of the invention in order to demonstrate the implementation of the proposed method. Such interaction can be performed by any known method, both on-line and off-line, in particular via wireless networks or the Internet, by a personal visit to the provider's office.

Example 1

By default, an object is set to a locked state. To use the object (pay by card, disarm, unlock the lock, etc.), it is necessary to put it in an active state by sending a control signal to the proposed system.

To do this, the following actions are performed:

1. A user dials an access code on his mobile device 11 using one of the methods provided by the wireless network, including, but not limited to, the USSD command, voice call, SMS. A request for this access code is sent to the control signal processing module 1 by means of the signaling network OKS-7 or VoIP.

2. The control signal processing module 1 receives the indicated request by the access code, retrieves the address of the mobile device 11 of the user from which the request was received, establishes a network initiated USSD session and sends the password request to the user.

3. The user receives a network initiated USSD session on his mobile device 11 and dials the password set to access his profile (the same for all objects related to the profile and not associated with a real password for these objects).

4. If the password is correct, the control signal processing module 1 continues the dialogue with the user to generate a control signal for changing the state of the object, for example, sends the user a request for the number or object identifier (in case there are more than one object), a request for the state to which object (if there are more than two such states). At the same time, in the process of signal exchange, the control signal processing module 1 sends a request to the signal data module 10 to obtain IMSI values and the current location corresponding to the address of the user’s mobile device 11 from which the request for access to change the state of the object was received.

5. The signal data module 10 receives these values from the OKS-7 signal network and passes them to the control signal processing module 1.

6. The control signal processing module 1 compares the obtained IMSI values and locations with the user profile parameters stored in one of the databases 4.

7a. The control signal processing module 1 authorizes the control signal to change the state of the object when the compared values coincide and generates a command to the database controller 3 to establish the specified object for this user in the active state.

7b. The control signal processing unit 1 rejects the control signal if the received information (IMSI and location) and user profile parameters do not match.

The reverse change of the state of the object from active to inactive occurs in the same order, but it is possible to set the automatic transfer of the object to a blocked state after a certain period of time.

Further use of the object may, for example, look as follows.

Example 2

The user presents a bank card for payment in the store, the payment system contacts the service provider 12 ... 15, in this case the bank, to confirm the transaction, the bank, in turn, accesses the proposed system through the appropriate service module 7 ... 9, passing in the request only the identifier of the object, without indicating any information related to the financial account or transaction. In response to this request, the request processing unit 5 of the service providers of the proposed system analyzes the identifier of the object and the service provider (bank), receives from the controller 3 databases and transmits information about the state of the object to the specified service provider, for example, confirmation that the object is not blocked. The Bank uses this information to decide on the transaction.

If the object is in a blocked state, and the user (or the attacker) takes direct action with the object, for example, presents a bank card for payment on the Internet, the payment system contacts the service provider 12 ... 15, in this case the bank, to confirm the transaction. The Bank, in turn, accesses the proposed system through the appropriate service module 12 ... 15, passing in the request the identifier of the object. In response to this request, the request processing unit 5 of the service system of the proposed system analyzes the identifier of the object and the service provider (bank), receives from the controller 3 databases and transmits information about the state of the object to the specified service provider, in this case, confirmation that the object is blocked. The Bank uses this information to decide on the rejection of the transaction.

It should be noted that the implementation of the proposed method is not limited to the above examples and does not exclude other options for interaction with the user and / or service provider. Perhaps, in particular, the use of other protocols, an increase in the number of modifiable parameters, object management from several mobile devices of the user.

Claims (15)

1. A method of controlling the state of an object using a mobile device, which includes using and authorizing a control signal to change the state of the object from the user's mobile device and checking the mobile device from which the control signal was received, and changing the state of the object upon successful completion of authorization and verification,
characterized in that
a control signal receiving method is selected from the group including USSD, SMS, mobile Internet, a request for establishing a voice call,
to check the control signal from the signal network, information about the address, IMSI and location of the specified mobile device is extracted and the obtained values are compared with the values stored in the user profile,
use a system that includes a database containing information about the status of at least one object associated with the user profile, and the object is selected from the group including a bank account, bank card account, electronic wallet, alarm device, electronic lock device, digital signature , an account, and to determine the object using an identifier that does not contain confidential information about the object itself,
the system additionally includes a database controller, made in such a way that it allows to retrieve and / or change the values of the state parameters of the object by a control signal from the user, and, upon request from the controller of the service module, retrieve and transmit information about the state of the object,
at the same time, the state control of the object and the use of this object are separated in time and channels, and when using the object they additionally turn to the system to obtain information about the state of the object. 2. The method according to claim 1, wherein the control signal for changing the state of the object from the user's mobile device is received over a GSM wireless network. 3. The method according to p. 1, in which the control signal for changing the state of an object from a user's mobile device is received over a UMTS wireless communication network. 4. The method according to claim 1, wherein the control signal for changing the state of the object from the user's mobile device is received over the LTE wireless communication network. 5. The method according to any one of paragraphs. 1-4, in which the control signal for changing the state of the object from the user's mobile device is received over the wireless communication network by means of the OKS-7 signaling network. 6. The method according to any one of paragraphs. 1-4, in which the control signal for changing the state of the object from the user's mobile device is received over a wireless communication network by means of a VoIP signaling network. 7. The method according to claim 1, in which the MSISDN device is used as the address of the user's mobile device. 8. The method according to claim 1, in which the user profile includes at least a user ID, a password set on the specified profile, IMSI and location corresponding to at least one address of the user's mobile device. 9. A system for managing the state of an object using a mobile device, including
a control signal processing module selected from the group including USSD, SMS, mobile Internet, a voice call request connected to a database controller and a signal data module and configured to receive a control signal to change the state of an object from a user's mobile device via a wireless network communication means of the signal network, and
with the ability to authorize the control signal by requesting and receiving a password set on the user profile, and checking the mobile device from which the specified control signal was received, including retrieving from the signal network information about the address of the specified mobile device, generating a command to the signal data module to obtain IMSI values and locations for the specified address of the mobile device and subsequent comparison of the obtained values with the values stored in the user profile, and
with the ability to generate a command to the database controller to change the set of values of the state parameters of the object associated with the profile of the specified user, with the coincidence of the compared values,
a data warehouse including a database controller, and
the first database containing predefined related information about the address of at least one mobile device of the user and his profile, and
at least one second database containing predefined related information about the user profile, the identifier of at least one object selected from the group including a bank account, bank card account, electronic wallet, alarm device, electronic lock device, electronic-digital the signature, account and associated with the specified profile, and about the totality of the values of the state parameters of the specified object,
moreover, the specified database controller is connected to the control signal processing module and the service module controller and is configured to retrieve and modify data in the specified databases by command from the control signal processing module and extract and transmit the specified data by command from the service module controller,
a block for processing requests of service providers, including interconnected controller of service modules and at least one service module and configured to receive and process requests from the service provider to obtain information about the state of the object,
moreover, the specified controller of the service modules is connected to the database controller and is configured to receive an object identifier from the service module, generate a command to the database controller to retrieve the values of the object state parameters corresponding to the specified identifier, and transmit the extracted values to the specified service provider through the corresponding service module, but
the specified service module is configured to connect and interact with the specified service provider and transmit-receive the object identifier and object parameter values corresponding to the identifier,
a signal data module configured to extract information from a signal processing network from the control signal processing module about the location of the mobile device and the IMSI value corresponding to the address of the mobile device. 10. The system of claim 9, wherein the control signal processing module is configured to receive a control signal from a user's mobile device via a GSM wireless communication network. 11. The system of claim 9, wherein the control signal processing module is configured to receive a control signal from a user's mobile device via a UMTS wireless communication network. 12. The system of claim 9, wherein the control signal processing module is adapted to receive a control signal from a user's mobile device via an LTE wireless communication network. 13. The system according to any one of paragraphs. 9-12, in which the control signal processing module is configured to receive a control signal from a user’s mobile device via a wireless communication network using the OKS-7 signaling network. 14. The system according to any one of paragraphs. 9-12, in which the control signal processing module is configured to receive a control signal from a user's mobile device via a wireless communication network by means of a VoIP signaling network. 15. The system of claim 9, wherein the service module is configured to connect and interact with a service provider using a protocol from a set of TCP / IP network protocols.

Images