WO2000031699A1 - Method of, and apparatus for, conducting electronic transactions - Google Patents

Method of, and apparatus for, conducting electronic transactions Download PDF

Info

Publication number
WO2000031699A1
WO2000031699A1 PCT/IB1999/001844 IB9901844W WO0031699A1 WO 2000031699 A1 WO2000031699 A1 WO 2000031699A1 IB 9901844 W IB9901844 W IB 9901844W WO 0031699 A1 WO0031699 A1 WO 0031699A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
mobile telephone
message
memory means
information
Prior art date
Application number
PCT/IB1999/001844
Other languages
French (fr)
Inventor
David Ian Lipton
Michael John Griffin
Original Assignee
Easy Charge Cellular (Pty) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Easy Charge Cellular (Pty) Limited filed Critical Easy Charge Cellular (Pty) Limited
Priority to AU10694/00A priority Critical patent/AU1069400A/en
Publication of WO2000031699A1 publication Critical patent/WO2000031699A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction

Definitions

  • This invention relates to a method of, and apparatus for, conducting electronic transactions and more particularly, but not exclusively, to a method of and apparatus for conducting secure electronic transactions over a telephone network, such as a cellular telephone network.
  • third party accounts provides security in that customers do not have to manually enter third party account numbers every time a third party account is paid. Incorrect entry of account numbers is avoided by linking third party accounts to a customer's financial institution. This linking process is cumbersome and limiting for customers and financial institutions and only linked accounts can be paid by customers.
  • Telephonic banking further provides for the purchase of goods or services by quoting a credit card number.
  • the credit card is not physically available to a merchant to read the card magnetically or to make a manual print or copy and this creates a difficulty from a security and authorisation perspective.
  • the customer's financial institution pays the merchant or third party and accepts at least partial liability in the case that the customer does not pay their credit card account.
  • This type of transaction is also commonly used to purchase goods on the Internet.
  • Pre-paid cellular airtime can also be purchased over a cellular telephone by providing a credit card number. Goods and services purchased are limited to those provided by a cellular service provider or those available on the Internet and, as stated above, a difficulty arises in that the financial institution incurs liability for payment.
  • ATM Automatic Teller Machines
  • PIN Personal Identification Number
  • Transaction messages are sent to switches or directly to banks or other financial institutions. These transaction messages are encrypted at a security level that is acceptable to financial institutions.
  • ATMs are not readily accessible and are installed in fixed locations. Customers are also restricted at an ATM in that they cannot pay accounts which are not linked to their banking profile.
  • a method of conducting electronic transactions comprising the steps of: storing an encryption key in a memory means of a mobile telephone; selecting a financial transaction with the mobile telephone from a number of available financial transactions; providing transaction information; generating a transaction message from the selected financial transaction and transaction information; encrypting at least part of the transaction message; transmitting the transaction message from the mobile telephone, over a wireless network.
  • a further feature of the invention provides for the transaction message to be transmitted from the mobile telephone to a receiving station such as a bank or a switch.
  • a still further feature of the invention provides for the mobile telephone to be a cellular telephone or a satellite telephone.
  • the transaction information to include at least one bank account number or bank card number and an associated PIN.
  • the transaction message to include information relating to the selected transaction, a bank account number or bank card number and the PIN; for at least the PIN to be encrypted; and for the transaction message to include error check information to facilitate the authentication of the mobile telephone or SIM card at the receiving station and to facilitate the validation of the integrity of the message at the receiving station.
  • the memory means to be a SIM card or to be an Integrated Circuit (IC) memory chip or a microprocessor.
  • IC Integrated Circuit
  • the invention extends to a mobile telephone having input means for inputting transaction information and for selecting a financial transaction from a number of available financial transactions; memory means for storing at least an encryption key; generating means for generating an at least partially encrypted transaction message from the transaction information, information relating to the selected financial transaction and the encryption key; and transmission means for transmitting the message over a wireless network.
  • the memory means is a SIM card; alternatively, for the memory means to be an Integrated Circuit (IC) memory chip or a microprocessor.
  • IC Integrated Circuit
  • the transaction information such as a bank account number or a bank card number, to be stored on the memory means.
  • an encryption algorithm to be stored in the memory means and for the encryption algorithm to generate a new encryption key for each new encryption message generated.
  • a further feature of the invention provides for error check information to be transmitted with the message.
  • the error check information facilitates the validation of the integrity of a transaction message received by a receiving station and also facilitates the authentication of the mobile phone or SIM card from which the message is received at the receiving station.
  • the receiving station to be a switch or a financial institution; and for the financial institution or switch to effect a financial transaction in response to receiving the message.
  • the method utilises and includes the following apparatus: a switch 12 which houses a secure translator 14, a point of sale (POS) terminal 16, a mobile telephone such as a cellular telephone 18, a financial institution 20 and at least one content provider 22.
  • POS point of sale
  • the switch 12 is connected to at least one cellular telephone 18 via a cellular telephone network and is further connected by means of a fixed land-based communication line to at least one financial institution 20 and at least one POS terminal 16.
  • the content providers 22 subscribe to the services of the switch 12, which provides a user of a cellular telephone 18 with the means to conduct a secure electronic transaction between a content provider 22 and a financial institution 20.
  • the switch 12 has the facility to receive transaction messages transmitted over a cellular telephone network by a cellular telephone 18 and forward the messages to a financial institution 20 with the instructions necessary to effect a transaction involving a particular content provider 22 in accordance with the transaction message.
  • a transaction message received by the switch 12 contains encrypted information which is translated, by the translator 14, into an encryption format that the financial institution 20 will have the means to interpret.
  • a SIM card of the cellular telephone 18 has an initial encryption key and an encryption algorithm stored thereon as described below.
  • a unique initial encryption key is generated by the switch 12 to be associated with a specific SIM card during the manufacture of the SIM cards.
  • Transportation of a database of initial encryption keys to a manufacturer of the SIM cards takes place in at least to distinct separate paths.
  • Each initial encryption key is divided into at least two parts so that each part of an initial encryption key is rendered useless by itself. These divided parts are then transported via the two paths so that the transportation from the switch to the manufacturer of the initial encryption keys is secure.
  • the initial encryption keys are reassembled on arrival at the manufacturer of the SIM cards where a particular initial encryption key is stored on a secure zone of a particular SIM card during the manufacturing process.
  • a database of initial encryption keys and corresponding SIM identities is stored securely within translator 14 resident at the switch 12.
  • Transaction messages are transmitted from the cellular telephone 18 and consist of a bank account number or bank card number and an associated PIN (referred to in this specification as the "transaction information") and information relating to a selected transaction from a number of available choices.
  • a menu of available choices may be displayed on a screen of the cellular telephone 18 or may be made available in any convenient manner such as in printed format.
  • the transaction message is generated by a generating means in the mobile telephone.
  • the generating means can be software stored in the memory means or can be dedicated hardware for generating transaction messages or a combination of both.
  • a registration process is required in order to initialize a secure transaction facility.
  • the registration process involves storing a user's banking details such as the user's bank account or bank card number on a secure zone of the SIM card. It is envisaged that this will take place at the POS terminal 16.
  • the POS terminal 16 then stores the banking details in a secure zone on the SIM card.
  • a request for the registration of this particular SIM card identity within the system is transmitted to the switch 12 from the POS terminal 16. It will be appreciated that the banking details of a user can be transmitted for storage on the SIM card over a cellular network or can be stored on the SIM card by inserting the SIM card into a writer at the POS terminal 16.
  • the switch 12 validates the integrity of the information received using error check information that authenticates the POS terminal 16 and SIM card before returning a response message that is encrypted using the same initial encryption key.
  • the error check information is transmitted with all messages that are transmitted in the system. The error check information allows for checking of both the validity of the source of a message and the correctness of a received message.
  • the SIM card now validates the accuracy of the response message from the switch 12.
  • Both the switch 12 and SIM card using information from both the request and response messages, update the initial encryption key using the encryption algorithm for use in the next transaction.
  • Using an algorithm common to the SIM card and the switch a new encryption key is derived for each new message in the system. An encryption technique such as this will ensure a different encryption key for each transaction message of each individual cellular telephone.
  • the cellular telephone After registration, the cellular telephone provides a user interface that enables the user to select from a menu of financial transactions.
  • This functionality i.e. the structure and content of the menu, is provided in the cellular telephone firmware, using a SIM toolkit, a Wireless Application Protocol (WAP) interface or a means provided in another format such as printed hardcopy format as described above.
  • WAP Wireless Application Protocol
  • a hardcopy menu will have numbers corresponding to available financial transactions for keying the numbers into the input means or keypad of the mobile telephone. It will be appreciated that the input means can be electronic input means as opposed to being a keypad.
  • the user is prompted to select a transaction as well as a bank account or card from their banking profiles.
  • a bank Personal Identification Number PIN
  • ATM Automatic Teller Machine
  • PIN bank Personal Identification Number
  • a transaction message is generated and transmitted via a cellular network to the switch 12.
  • the transaction message comprises an encrypted bank PIN, which is a product of the newly generated encryption key, information relating to the selected transaction as well as transaction information together with error check information.
  • the transport mechanism for the transaction message is a Short Message Service (SMS).
  • SMS Short Message Service
  • the switch 12 validates the accuracy of the transaction message by utilising the error check information and relays the instruction to the appropriate content provider 22 and/or financial institution 20.
  • Information of a financial settlement is forward to a financial institution 20 after translation thereof by the translator 14 to an encrypted message with an encryption key that it has in common with the financial institution. All transaction messages are sent and forwarded together with error check information to ensure successful and accurate transmission and receipt.
  • the method of conducting electronic transactions described herein is a secure method in that at least part of the information transmitted from the mobile telephone 18 is encrypted and cannot be read if it is fraudulently intercepted.
  • the translator used at the switch 12 is secure in that the translation process cannot be accessed or read and the translator itself cannot be opened to access the information therein.
  • a translator as is known in the art is used. Such a translator will erase all information if it is tampered with and no electronic access to the translation process from outside such a translator is possible.
  • the information transmitted from the switch to a financial institution or to a content provider is also encrypted and can not be understood if intercepted.
  • the transaction method is secure and customers using a mobile telephone can pay any third party accounts from their mobile telephones.
  • Third party accounts do not have to be linked to a customer's banking profile to transfer funds to these accounts.
  • Third parties subscribe to the services of the switch 12 and do not have to be linked to a financial institution.
  • the switch 12 instead of the switch 12 being in fixed land-based communication with a financial institution 20 or content provider 22, the switch 12 can be in wireless communication with a financial institution 20 or content provider 22.
  • the memory means can be an integrated circuit memory chip or a microprocessor having embedded memory instead of being a SIM card.
  • the mobile phone used can be a cell phone as is known in the art or can be a satellite telephone any other portable device capable of accessing a wireless communication network. It is also unnecessary to store bank account numbers or bank card numbers on the memory means of the mobile telephone. These may be manually entered using the input means of a mobile terminal or keypad of a mobile telephone.

Abstract

This invention provides a method of conducting electronic transactions comprising the steps of: storing an encryption key in a memory means of a mobile telephone; selecting a financial transaction with the mobile telephone from a number of available financial transactions; providing transaction information; generating a transaction message from the selected financial transaction and transaction information; encrypting at least part of the transaction message; and transmitting the transaction message from the mobile telephone, over a wireless network. The invention extends to a mobile telephone having input means for inputting transaction information and for selecting a financial transaction from a number of available financial transactions; memory means for storing at least an encryption key; generating means for generating an at least partially encrypted transaction message from the transaction information, information relating to the selected financial transaction and the encryption key; and transmission means for transmitting the message over a wireless network.

Description

METHOD OF, AND APPARATUS FOR, CONDUCTING ELECTRONIC
TRANSACTIONS
Technical Field This invention relates to a method of, and apparatus for, conducting electronic transactions and more particularly, but not exclusively, to a method of and apparatus for conducting secure electronic transactions over a telephone network, such as a cellular telephone network.
Background Art
The use of telephones to conduct electronic financial transactions is well known in the art. Most commonly, Duel-Tone Multi-Frequency (DTMF) communication protocols of telephones are used to provide customers with access to banking services. This type of facility is only available to customers of a particular financial institution. Thus, only a closed system is available and customers have to link third party accounts to their financial institutions to, for example, transfer funds to third party accounts.
The linking of third party accounts provides security in that customers do not have to manually enter third party account numbers every time a third party account is paid. Incorrect entry of account numbers is avoided by linking third party accounts to a customer's financial institution. This linking process is cumbersome and limiting for customers and financial institutions and only linked accounts can be paid by customers.
Telephonic banking further provides for the purchase of goods or services by quoting a credit card number. In this case the credit card is not physically available to a merchant to read the card magnetically or to make a manual print or copy and this creates a difficulty from a security and authorisation perspective. With credit card transactions, the customer's financial institution pays the merchant or third party and accepts at least partial liability in the case that the customer does not pay their credit card account. This type of transaction is also commonly used to purchase goods on the Internet. Pre-paid cellular airtime can also be purchased over a cellular telephone by providing a credit card number. Goods and services purchased are limited to those provided by a cellular service provider or those available on the Internet and, as stated above, a difficulty arises in that the financial institution incurs liability for payment.
Automatic Teller Machines (ATM's) provide a means for secure electronic banking. At an ATM, a card reader reads a bank card and a secret Personal Identification Number (PIN) is provided by a customer to authorise the transaction. Transaction messages are sent to switches or directly to banks or other financial institutions. These transaction messages are encrypted at a security level that is acceptable to financial institutions. ATMs are not readily accessible and are installed in fixed locations. Customers are also restricted at an ATM in that they cannot pay accounts which are not linked to their banking profile.
Objective of the Invention
It is an object of this invention to provide a method of, and apparatus for, conducting electronic transactions which, at least partially, alleviates some of the abovementioned difficulties.
Disclosure of the Invention
In accordance with this invention there is provided a method of conducting electronic transactions comprising the steps of: storing an encryption key in a memory means of a mobile telephone; selecting a financial transaction with the mobile telephone from a number of available financial transactions; providing transaction information; generating a transaction message from the selected financial transaction and transaction information; encrypting at least part of the transaction message; transmitting the transaction message from the mobile telephone, over a wireless network.
A further feature of the invention provides for the transaction message to be transmitted from the mobile telephone to a receiving station such as a bank or a switch.
A still further feature of the invention provides for the mobile telephone to be a cellular telephone or a satellite telephone.
There is also provided for the transaction information to include at least one bank account number or bank card number and an associated PIN.
Further features of the invention provide for the transaction message to include information relating to the selected transaction, a bank account number or bank card number and the PIN; for at least the PIN to be encrypted; and for the transaction message to include error check information to facilitate the authentication of the mobile telephone or SIM card at the receiving station and to facilitate the validation of the integrity of the message at the receiving station.
There is still further provided for the memory means to be a SIM card or to be an Integrated Circuit (IC) memory chip or a microprocessor.
Further features of the invention provide for an encryption algorithm to be stored on the memory means; and for copies of the encryption algorithm and the encryption key to be stored at the switch or the financial institution.
The invention extends to a mobile telephone having input means for inputting transaction information and for selecting a financial transaction from a number of available financial transactions; memory means for storing at least an encryption key; generating means for generating an at least partially encrypted transaction message from the transaction information, information relating to the selected financial transaction and the encryption key; and transmission means for transmitting the message over a wireless network.
There is provided for the memory means to be a SIM card; alternatively, for the memory means to be an Integrated Circuit (IC) memory chip or a microprocessor.
There is provided for at least some of the transaction information, such as a bank account number or a bank card number, to be stored on the memory means.
There is provided for an encryption algorithm to be stored in the memory means and for the encryption algorithm to generate a new encryption key for each new encryption message generated.
A further feature of the invention provides for error check information to be transmitted with the message. The error check information facilitates the validation of the integrity of a transaction message received by a receiving station and also facilitates the authentication of the mobile phone or SIM card from which the message is received at the receiving station.
Further features of the invention provide for the receiving station to be a switch or a financial institution; and for the financial institution or switch to effect a financial transaction in response to receiving the message.
These and other features of the invention are described in more detail below. Brief Description of the Drawing
A preferred method and embodiment of the invention is described below by way of example only, and with reference to the accompanying drawing, which shows a schematic block diagram of a method of and apparatus for conducting electronic transactions.
Best Mode of Carrying out the Invention
With reference to the accompanying drawing, a method for conducting an electronic transaction is shown schematically, and apparatus for use in the method are generally indicated by reference numeral 10.
The method utilises and includes the following apparatus: a switch 12 which houses a secure translator 14, a point of sale (POS) terminal 16, a mobile telephone such as a cellular telephone 18, a financial institution 20 and at least one content provider 22.
The switch 12 is connected to at least one cellular telephone 18 via a cellular telephone network and is further connected by means of a fixed land-based communication line to at least one financial institution 20 and at least one POS terminal 16.
The content providers 22 subscribe to the services of the switch 12, which provides a user of a cellular telephone 18 with the means to conduct a secure electronic transaction between a content provider 22 and a financial institution 20. The switch 12 has the facility to receive transaction messages transmitted over a cellular telephone network by a cellular telephone 18 and forward the messages to a financial institution 20 with the instructions necessary to effect a transaction involving a particular content provider 22 in accordance with the transaction message. Furthermore, a transaction message received by the switch 12 contains encrypted information which is translated, by the translator 14, into an encryption format that the financial institution 20 will have the means to interpret. A SIM card of the cellular telephone 18 has an initial encryption key and an encryption algorithm stored thereon as described below. A unique initial encryption key is generated by the switch 12 to be associated with a specific SIM card during the manufacture of the SIM cards. Transportation of a database of initial encryption keys to a manufacturer of the SIM cards takes place in at least to distinct separate paths. Each initial encryption key is divided into at least two parts so that each part of an initial encryption key is rendered useless by itself. These divided parts are then transported via the two paths so that the transportation from the switch to the manufacturer of the initial encryption keys is secure. The initial encryption keys are reassembled on arrival at the manufacturer of the SIM cards where a particular initial encryption key is stored on a secure zone of a particular SIM card during the manufacturing process. A database of initial encryption keys and corresponding SIM identities is stored securely within translator 14 resident at the switch 12.
In addition to the installation of the initial encryption key on a SIM card an encryption algorithm is also stored on the SIM cards. The encryption algorithm is used to encrypt transaction messages with the use of encryption keys. Transaction messages are transmitted from the cellular telephone 18 and consist of a bank account number or bank card number and an associated PIN (referred to in this specification as the "transaction information") and information relating to a selected transaction from a number of available choices. A menu of available choices may be displayed on a screen of the cellular telephone 18 or may be made available in any convenient manner such as in printed format. The transaction message is generated by a generating means in the mobile telephone. The generating means can be software stored in the memory means or can be dedicated hardware for generating transaction messages or a combination of both.
Once a customer has purchased a SIM card for use in a cellular telephone, a registration process is required in order to initialize a secure transaction facility. The registration process involves storing a user's banking details such as the user's bank account or bank card number on a secure zone of the SIM card. It is envisaged that this will take place at the POS terminal 16. Customers swipe the bank card through a magnetic strip reader at the POS terminal 16 thereby enabling the POS terminal 16 to access their banking details. The POS terminal 16 then stores the banking details in a secure zone on the SIM card. A request for the registration of this particular SIM card identity within the system is transmitted to the switch 12 from the POS terminal 16. It will be appreciated that the banking details of a user can be transmitted for storage on the SIM card over a cellular network or can be stored on the SIM card by inserting the SIM card into a writer at the POS terminal 16.
On receipt of the registration request message, the switch 12 validates the integrity of the information received using error check information that authenticates the POS terminal 16 and SIM card before returning a response message that is encrypted using the same initial encryption key. The error check information is transmitted with all messages that are transmitted in the system. The error check information allows for checking of both the validity of the source of a message and the correctness of a received message.
The SIM card now validates the accuracy of the response message from the switch 12. Both the switch 12 and SIM card, using information from both the request and response messages, update the initial encryption key using the encryption algorithm for use in the next transaction. Using an algorithm common to the SIM card and the switch, a new encryption key is derived for each new message in the system. An encryption technique such as this will ensure a different encryption key for each transaction message of each individual cellular telephone.
After registration, the cellular telephone provides a user interface that enables the user to select from a menu of financial transactions. This functionality, i.e. the structure and content of the menu, is provided in the cellular telephone firmware, using a SIM toolkit, a Wireless Application Protocol (WAP) interface or a means provided in another format such as printed hardcopy format as described above. A hardcopy menu will have numbers corresponding to available financial transactions for keying the numbers into the input means or keypad of the mobile telephone. It will be appreciated that the input means can be electronic input means as opposed to being a keypad.
The user is prompted to select a transaction as well as a bank account or card from their banking profiles. As with transactions initiated at an Automatic Teller Machine (ATM) terminal, a bank Personal Identification Number (PIN) is requested from user to authorise the transaction. Once the transaction information has been obtained from the user, a transaction message is generated and transmitted via a cellular network to the switch 12. The transaction message comprises an encrypted bank PIN, which is a product of the newly generated encryption key, information relating to the selected transaction as well as transaction information together with error check information.
In this embodiment, the transport mechanism for the transaction message is a Short Message Service (SMS). On receiving the transaction message the switch 12 validates the accuracy of the transaction message by utilising the error check information and relays the instruction to the appropriate content provider 22 and/or financial institution 20. Information of a financial settlement is forward to a financial institution 20 after translation thereof by the translator 14 to an encrypted message with an encryption key that it has in common with the financial institution. All transaction messages are sent and forwarded together with error check information to ensure successful and accurate transmission and receipt.
The method of conducting electronic transactions described herein is a secure method in that at least part of the information transmitted from the mobile telephone 18 is encrypted and cannot be read if it is fraudulently intercepted. The translator used at the switch 12 is secure in that the translation process cannot be accessed or read and the translator itself cannot be opened to access the information therein. A translator as is known in the art is used. Such a translator will erase all information if it is tampered with and no electronic access to the translation process from outside such a translator is possible. The information transmitted from the switch to a financial institution or to a content provider is also encrypted and can not be understood if intercepted.
The transaction method is secure and customers using a mobile telephone can pay any third party accounts from their mobile telephones. Third party accounts do not have to be linked to a customer's banking profile to transfer funds to these accounts. Third parties subscribe to the services of the switch 12 and do not have to be linked to a financial institution.
The invention is not limited to the precise details as described herein. For example, instead of the switch 12 being in fixed land-based communication with a financial institution 20 or content provider 22, the switch 12 can be in wireless communication with a financial institution 20 or content provider 22. Also, the memory means can be an integrated circuit memory chip or a microprocessor having embedded memory instead of being a SIM card. The mobile phone used can be a cell phone as is known in the art or can be a satellite telephone any other portable device capable of accessing a wireless communication network. It is also unnecessary to store bank account numbers or bank card numbers on the memory means of the mobile telephone. These may be manually entered using the input means of a mobile terminal or keypad of a mobile telephone.

Claims

1. A method of conducting electronic transactions comprising the steps of: storing an encryption key in a memory means of a mobile telephone; selecting a financial transaction with the mobile telephone from a number of available financial transactions; providing transaction information; generating a transaction message from the selected financial transaction and transaction information; encrypting at least part of the transaction message; transmitting the transaction message from the mobile telephone, over a wireless network.
2. A method as claimed in claim 1 in which the transaction message is transmitted from the mobile telephone to a receiving station.
3. A method as claimed in claim 2 in which the receiving station is a bank.
4. A method as claimed in claim 2 in which the receiving station is a switch.
5. A method as claimed in any one of the preceding claims in which the mobile telephone is a cellular telephone or a satellite telephone.
6. A method as claimed in any one of the preceding claims in which the transaction information includes at least a PIN.
7. A method as claimed in claim any one of claims 1 to 5 in which the transaction information includes at least one bank account number or bank card number.
8. A method as claimed in claim 7 wherein the bank card number or the bank account number is stored in the memory means.
9. A method as claimed in any one of the preceding claims in which the transaction message includes information relating to the selected transaction, a bank account number and a PIN.
10. A method as claimed in any one of claims 1 to 7 in which the transaction message includes information relating to the selected transaction, a bank card number and a PIN.
11. A method as claimed in claim 8 or 9 in which at least the PIN is encrypted before transmission of the transaction message.
12. A method as claimed in any one of the preceding claims in which the transaction message includes error check information to facilitate the validation of the integrity of the transmitted message and to facilitate the authentication of the source from which the message is transmitted.
13. A method as claimed in any one of the preceding claims in which the memory means is a SIM card.
14. A method as claimed in any one of claims 1 to 12 in which the memory means is an Integrated Circuit (IC) memory chip.
15. A method as claimed in any one of claims 1 to 12 in which the memory means is a microprocessor.
16. A method as claimed in any one of the preceding claims in which an encryption algorithm is stored on the memory means.
17. A method as claimed in claim 16 in which copies of the encryption algorithm and the encryption key are stored at the switch.
18. A method as claimed in claim 16 in which copies of the encryption algorithm and the encryption key are stored at the financial institution.
19. A mobile telephone having input means for inputting transaction information and for selecting a financial transaction from a number of available financial transactions; memory means for storing at least an encryption key; generating means for generating an at least partially encrypted transaction message from the transaction information, information relating to the selected financial transaction and the encryption key; and transmission means for transmitting the message over a wireless network.
20. A mobile telephone as claimed in claim 19 in which the memory means is a SIM card.
21. A mobile telephone as claimed in claim 19 in which the memory means is an Integrated Circuit (IC) memory chip.
22. A mobile telephone as claimed in claim 19 in which the memory means is a microprocessor.
23. A mobile telephone as claimed in any one of claim 19 to 22 in which an encryption algorithm is stored in the memory means.
24. A mobile telephone as claimed in claim 23 in which the encryption algorithm generates a new encryption key for each new financial transaction selected and subsequent transaction message generated.
25. A mobile telephone as claimed in any one of claim 19 to 23 in which error check information is transmitted with the transaction message.
26. A mobile telephone as claimed in claim 25 in which the error check information facilitates the authentication of the mobile telephone or SIM card and facilitates the validation of the integrity of the transaction message.
27. A mobile telephone as claimed in any one of claims 19 to 26 wherein the mobile phone transmits a transaction message to a receiving station.
28. A mobile phone as claimed in any one of claims 18 to 26 wherein the mobile telephone transmits a transaction message to a financial institution.
29. A mobile telephone as claimed in claim 27 in which the telephone transmits a transaction message to a switch or to a financial institution acting as a receiving station.
30. A mobile telephone as claimed in claim 19 in which transaction information including a bank account number or bank card number but excluding a PIN is stored in the memory means.
PCT/IB1999/001844 1998-11-22 1999-11-19 Method of, and apparatus for, conducting electronic transactions WO2000031699A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU10694/00A AU1069400A (en) 1998-11-22 1999-11-19 Method of, and apparatus for, conducting electronic transactions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA986510 1998-11-22
ZA98/6510 1998-11-22

Publications (1)

Publication Number Publication Date
WO2000031699A1 true WO2000031699A1 (en) 2000-06-02

Family

ID=25587155

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB1999/001844 WO2000031699A1 (en) 1998-11-22 1999-11-19 Method of, and apparatus for, conducting electronic transactions

Country Status (2)

Country Link
AU (1) AU1069400A (en)
WO (1) WO2000031699A1 (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1178444A1 (en) * 2000-08-01 2002-02-06 mega-tel AG Electronic payment using SMS
WO2002041271A1 (en) * 2000-11-15 2002-05-23 Mahmoud Nabih Youssef Haidar Electronic payment and associated systems
GB2373406A (en) * 2001-03-02 2002-09-18 Nokia Mobile Phones Ltd Wireless transactions
WO2002080122A1 (en) * 2001-03-30 2002-10-10 Harexinfotech Inc. Method and system for settling financial transaction with mobile communications portable terminal containing financial information
FR2827448A1 (en) * 2001-07-12 2003-01-17 Gemplus Card Int Mobile telephone/microprocessor electronic payment method having first certificate key operator sent and second certificate sent securely financial organization control.
WO2003009243A1 (en) * 2001-07-19 2003-01-30 W3 Infocomm Group Pte Ltd Mobile electronic funds transfer system and method
WO2003023727A1 (en) * 2001-09-06 2003-03-20 Nokia Corporation A method and network element for paying by a mobile terminal through a communication network
EP1017029A3 (en) * 1998-12-18 2003-05-14 Fujitsu Limited Portable communication device and system using the portable communication device and attachment for a portable communication device
EP1323085A1 (en) * 2000-09-07 2003-07-02 Euronet Services, Inc Wireless transaction system
EP1365368A2 (en) * 2002-05-23 2003-11-26 SK Telekom Co., Ltd. System and method for financial transactions
WO2003107288A1 (en) * 2002-06-12 2003-12-24 Rumen Stojanov Stojanov Method for mobile payment
EP1341136A3 (en) * 2002-02-28 2004-05-26 Ali Hassan Al-Khaja A method for processing transactions by means of wireless devices
EP1564693A2 (en) * 2004-02-13 2005-08-17 Lorena Amodeo Salaris Group of linked devices for the recording and transmission of data
WO2006016000A1 (en) * 2004-07-30 2006-02-16 Bas Bayod Jose Ignacio Method of making secure payment or collection transactions using programmable mobile telephones
EA008185B1 (en) * 2006-01-23 2007-04-27 Общество С Ограниченной Ответственностью «Интерактивная Мобильная Процессинговая Компания "Мегапэй"» Method for performing off financial transaction (variants)
WO2008091191A1 (en) * 2007-01-26 2008-07-31 Smartrefill I Helsingborg Ab Method and system for securely executing a charge transaction
US7728763B2 (en) 2005-07-19 2010-06-01 Electronics And Telecommunications Research Institute High resolution ranging apparatus and method using UWB
EP2266082A1 (en) * 2008-03-09 2010-12-29 Mahmoud Anass Mahmoud Al-Sahli Sim chip bank system and method
US8140416B2 (en) 2006-06-16 2012-03-20 Itg Software Solutions, Inc. Algorithmic trading system and method
WO2013046062A1 (en) * 2011-09-30 2013-04-04 Turkcell Teknoloji Arastirma Ve Gelistirme Anonim Sirketi A mobile financial transaction system and method
US8924711B2 (en) 2012-04-04 2014-12-30 Zooz Mobile Ltd. Hack-deterring system for storing sensitive data records
US9064257B2 (en) 2010-11-02 2015-06-23 Homayoon Beigi Mobile device transaction using multi-factor authentication
US9342664B2 (en) 2004-07-30 2016-05-17 Etrans L.C. Method to make payment or charge safe transactions using programmable mobile telephones
US10042993B2 (en) 2010-11-02 2018-08-07 Homayoon Beigi Access control through multifactor authentication with multimodal biometrics

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997045814A1 (en) * 1996-05-24 1997-12-04 Behruz Vazvan Real time system and method for remote purchase payment and remote bill payment transactions and transferring of electronic cash and other required data
WO1998034203A1 (en) * 1997-01-30 1998-08-06 Qualcomm Incorporated Method and apparatus for performing financial transactions using a mobile communication unit
WO1998047116A1 (en) * 1997-04-15 1998-10-22 Telefonaktiebolaget Lm Ericsson (Publ) Tele/datacommunications payment method and apparatus
WO1998052151A1 (en) * 1997-05-15 1998-11-19 Access Security Sweden Ab Electronic transaction

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997045814A1 (en) * 1996-05-24 1997-12-04 Behruz Vazvan Real time system and method for remote purchase payment and remote bill payment transactions and transferring of electronic cash and other required data
WO1998034203A1 (en) * 1997-01-30 1998-08-06 Qualcomm Incorporated Method and apparatus for performing financial transactions using a mobile communication unit
WO1998047116A1 (en) * 1997-04-15 1998-10-22 Telefonaktiebolaget Lm Ericsson (Publ) Tele/datacommunications payment method and apparatus
WO1998052151A1 (en) * 1997-05-15 1998-11-19 Access Security Sweden Ab Electronic transaction

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1017029A3 (en) * 1998-12-18 2003-05-14 Fujitsu Limited Portable communication device and system using the portable communication device and attachment for a portable communication device
US6885877B1 (en) 1998-12-18 2005-04-26 Fujitsu Limited Portable communication device and system using the portable communication device and attachment for a portable communication device
WO2002011082A1 (en) * 2000-08-01 2002-02-07 Mega-Tel Ag Electronic payment transaction via sms
EP1178444A1 (en) * 2000-08-01 2002-02-06 mega-tel AG Electronic payment using SMS
EP1323085A4 (en) * 2000-09-07 2006-01-18 Euronet Worldwide Inc Wireless transaction system
EP1323085A1 (en) * 2000-09-07 2003-07-02 Euronet Services, Inc Wireless transaction system
HRP20030254B1 (en) * 2000-09-07 2009-12-31 Euronet Worldwide Financial transaction system
CZ301330B6 (en) * 2000-09-07 2010-01-20 Euronet Worldwide, Inc Financial transaction system data source and method of providing financial transactions
AU2001245430B2 (en) * 2000-09-07 2007-05-24 Euronet Worldwide, Inc. Financial transaction system
WO2002041271A1 (en) * 2000-11-15 2002-05-23 Mahmoud Nabih Youssef Haidar Electronic payment and associated systems
GB2373406A (en) * 2001-03-02 2002-09-18 Nokia Mobile Phones Ltd Wireless transactions
WO2002080122A1 (en) * 2001-03-30 2002-10-10 Harexinfotech Inc. Method and system for settling financial transaction with mobile communications portable terminal containing financial information
WO2003007251A1 (en) * 2001-07-12 2003-01-23 Gemplus Payment guarantee method for electronic commerce, particularly by mobile telephone, and the system for implementing same
FR2827448A1 (en) * 2001-07-12 2003-01-17 Gemplus Card Int Mobile telephone/microprocessor electronic payment method having first certificate key operator sent and second certificate sent securely financial organization control.
WO2003009243A1 (en) * 2001-07-19 2003-01-30 W3 Infocomm Group Pte Ltd Mobile electronic funds transfer system and method
WO2003023727A1 (en) * 2001-09-06 2003-03-20 Nokia Corporation A method and network element for paying by a mobile terminal through a communication network
EP1341136A3 (en) * 2002-02-28 2004-05-26 Ali Hassan Al-Khaja A method for processing transactions by means of wireless devices
EP1365368A3 (en) * 2002-05-23 2004-03-03 SK Telekom Co., Ltd. System and method for financial transactions
EP1365368A2 (en) * 2002-05-23 2003-11-26 SK Telekom Co., Ltd. System and method for financial transactions
WO2003107288A1 (en) * 2002-06-12 2003-12-24 Rumen Stojanov Stojanov Method for mobile payment
EP1564693A3 (en) * 2004-02-13 2005-10-12 Lorena Amodeo Salaris Group of linked devices for the recording and transmission of data
EP1564693A2 (en) * 2004-02-13 2005-08-17 Lorena Amodeo Salaris Group of linked devices for the recording and transmission of data
WO2006016000A1 (en) * 2004-07-30 2006-02-16 Bas Bayod Jose Ignacio Method of making secure payment or collection transactions using programmable mobile telephones
US9342664B2 (en) 2004-07-30 2016-05-17 Etrans L.C. Method to make payment or charge safe transactions using programmable mobile telephones
ES2263344A1 (en) * 2004-07-30 2006-12-01 Jose Ignacio Bas Bayod Method of making secure payment or collection transactions using programmable mobile telephones
US7728763B2 (en) 2005-07-19 2010-06-01 Electronics And Telecommunications Research Institute High resolution ranging apparatus and method using UWB
EA008185B1 (en) * 2006-01-23 2007-04-27 Общество С Ограниченной Ответственностью «Интерактивная Мобильная Процессинговая Компания "Мегапэй"» Method for performing off financial transaction (variants)
US8140416B2 (en) 2006-06-16 2012-03-20 Itg Software Solutions, Inc. Algorithmic trading system and method
US8660925B2 (en) 2006-06-16 2014-02-25 Itg Software Solutions, Inc. Algorithmic trading system and method
WO2008091191A1 (en) * 2007-01-26 2008-07-31 Smartrefill I Helsingborg Ab Method and system for securely executing a charge transaction
EP2266082A1 (en) * 2008-03-09 2010-12-29 Mahmoud Anass Mahmoud Al-Sahli Sim chip bank system and method
EP2266082A4 (en) * 2008-03-09 2014-04-30 Mahmoud Anass Mahmoud Al-Sahli Sim chip bank system and method
US10042993B2 (en) 2010-11-02 2018-08-07 Homayoon Beigi Access control through multifactor authentication with multimodal biometrics
US9064257B2 (en) 2010-11-02 2015-06-23 Homayoon Beigi Mobile device transaction using multi-factor authentication
WO2013046062A1 (en) * 2011-09-30 2013-04-04 Turkcell Teknoloji Arastirma Ve Gelistirme Anonim Sirketi A mobile financial transaction system and method
US8924711B2 (en) 2012-04-04 2014-12-30 Zooz Mobile Ltd. Hack-deterring system for storing sensitive data records

Also Published As

Publication number Publication date
AU1069400A (en) 2000-06-13

Similar Documents

Publication Publication Date Title
WO2000031699A1 (en) Method of, and apparatus for, conducting electronic transactions
US20180053167A1 (en) Processing of financial transactions using debit networks
US6032135A (en) Electronic purse card value system terminal programming system and method
EP1772832A1 (en) Method of making secure payment or collection transactions using programmable mobile telephones
US20060224470A1 (en) Digital mobile telephone transaction and payment system
US20120303528A1 (en) System and method for performing a transaction responsive to a mobile device
WO1998034203A1 (en) Method and apparatus for performing financial transactions using a mobile communication unit
EP1817741A2 (en) Methods and systems for performing transactions with a wireless device
WO2001084509A2 (en) Secure payment method and apparatus
KR20040095363A (en) System and method for secure credit and debit card transactions
JPWO2002073483A1 (en) Electronic money settlement method using mobile communication terminal
WO2003083793A2 (en) System and method for secure credit and debit card transactions
WO1999016029A1 (en) Electronic payment system
US9342664B2 (en) Method to make payment or charge safe transactions using programmable mobile telephones
GB2357618A (en) Transaction system
US20020026413A1 (en) Mobile real-time data processing system for use during delivery of products
AU2020201984B2 (en) Transaction security
EP2316101A1 (en) Method and system for managing financial transactions
US20040210529A1 (en) Method of making a monetary transaction between a customer and a merchant
CA2856282C (en) Method for carrying out a transaction, corresponding terminal and computer program.
EP1906349A1 (en) Payment and transaction system using digital mobile telephones
ZA200104018B (en) Method of, and apparatus for, conducting electronic transactions.
KR100928412B1 (en) Payment processing system using virtual merchant network
KR20090004833A (en) System for processing settlement of paymen of card related online account
EP1308912A2 (en) Method and apparatus for crediting debit service accounts

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref country code: AU

Ref document number: 2000 10694

Kind code of ref document: A

Format of ref document f/p: F

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 200104018

Country of ref document: ZA

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase