WO2007129345A1 - Process and system for confirming transactions by means of mobile units - Google Patents
- Publication number
- WO2007129345A1 (PCT/IT2006/000348)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- mobile unit
- control device
- previous
- request message
- confirmation message
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3229—Use of the SIM of a M-device as secure element
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/325—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
- G06Q20/3255—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
Definitions
- the present invention relates to a process for confirming transactions, for example payments with credit or debit cards, by means of mobile units, for example GSM, UMTS, etc. cellular phones.
- the present invention also relates to a system for carrying out said process.
- IT MI2004A001438 in the name of the same applicant describes a process and an apparatus, in which a transaction is confirmed by means of a SMS (Short Message Service) message sent by a mobile unit of a user, after the latter has received from a control device a request message for confirming said transaction.
- Said process and apparatus make it possible to improve the security of transactions with credit cards and the like; however, a hacker could transmit false SMS messages to the user and/or to the control device in order to carry out harmful operations and/or obtain private data. It is therefore an object of the present invention to provide a process and an apparatus which are free from said disadvantage.
- the encoding and the digital signature are carried out by means of public and private keys, preferably obtained with an asymmetric encryption algorithm, for further improving the security of the transactions.
- Said keys, as well as the security application which employs them, are preferably stored in the same SIM card of the telephone service provider of the mobile unit, so as to prevent their misappropriation.
- the process according to the present invention comprises in a known way the following operating steps:
- a user carries out a transaction with a transaction apparatus TA, for example a payment with a credit card through a POS (Point Of Sale) or Internet or a cash drawing from an ATM (Automatic Teller Machine);
- the transaction data TD for example time, date, place and amount of the transaction
- a control device CD for example a server of a service center connected to means for transmitting SMS messages, for requesting the user to confirm the transaction
- control device CD sends to a mobile unit MU of the user a request message RM containing the transaction data TD;
- the user verifies the transaction data TD through output means OM, in particular a display, of the mobile unit MU;
- the user enters a confirmation code CC in the mobile unit MU through input means IM, in particular a keyboard, of the mobile unit MU;
- the mobile unit MU sends to the control device CD a confirmation message CM containing the confirmation code CC;
- the control device CD confirms the transaction to the transaction apparatus TA if the confirmation message CM is received within a determined time limit and contains a correct confirmation code CC, in particular a same confirmation code CC associated to the mobile unit MU of the user in a digital memory DM in the control device CD.
- control device CD and/or the mobile unit MU are provided with one or more digital memories DM in which suitable security applications SA are stored for encoding and digitally signing the request message RM and/or the confirmation message CM, respectively.
- the request message RM is digitally signed and encoded by the security application SA of the control device CD by means of a public key PU2 assigned to the mobile unit MU and a private key PR1 which is assigned to the control device CD and is stored only in the latter.
- the request message RM signed and encoded by the control device CD is then sent to the mobile unit MU, which decodes and verifies the digital signature of the request message RM.
- the security application SA of the mobile unit MU employs a public key PU1 assigned to the control device CD and a private key PR2 which is assigned to the mobile unit MU and is stored only in the latter.
- the process according to the present invention comprises then the following operating steps:
- control device CD signs the request message RM by means of its private key PR1;
- the control device CD encodes the request message RM by means of the public key PU2 of the mobile unit MU;
- control device CD sends to the mobile unit MU the signed and encoded request message RM;
- the mobile unit MU decodes the request message RM by means of its private key PR2;
- the mobile unit MU verifies the signature of the request message RM by means of the public key PU1 of the control device CD.
- the request message RM is displayed by the mobile unit MU, after which the user can reply by entering the confirmation code CC for confirming the transaction or another code for canceling the transaction or for transmitting other information to the control device CD, for example for disabling his credit card in case of fraudulent use.
- the confirmation message CM is digitally signed and encoded by the security application SA of the mobile unit MU by means of the public key PU1 and the private key PR2.
- the confirmation message CM signed and encoded by the mobile unit MU is then sent to the control device CD, which decodes and verifies the digital signature of the confirmation message CM.
- the security application SA of the control device CD employs the public key PU2 and the private key PR1.
- the process comprises then also the following operating steps:
- the mobile unit MU signs the confirmation message CM by means of its private key PR2;
- the mobile unit MU encodes the confirmation message CM by means of the public key PU1 of the control device CD;
- the mobile unit MU sends to the control device CD the signed and encoded confirmation message CM;
- the control device CD decodes the confirmation message CM by means of its private key PR1;
- control device CD verifies the signature of the confirmation message CM by means of the public key PU2 of the mobile unit MU.
- the security applications SA of the control device CD and/or of the mobile unit MU are preferably started automatically when the confirmation message CM and/or the request message RM, respectively, are received.
- the request message RM and/or the confirmation message CM are SMS messages transmitted in PDU (Protocol
- the security application SA, the public key PU1 assigned to the control device CD and/or the private key PR2 assigned to the mobile unit MU are preferably stored in one or more digital memories DM of a SIM card arranged in the mobile unit MU, in particular the same SIM card containing the data of the telephone service provider for the use of the mobile unit MU.
- One or both pairs of public keys PU1, PU2 and private keys PR1, PR2 are preferably obtained by means of an asymmetric encryption algorithm, in particular the RSA (Rivest Shamir Adleman) algorithm, which comprises the following operating steps:
- the request message RM preferably contains the telephone identification number of the control device CD to which the mobile unit MU must send the confirmation message CM.
- the security applications SA can be written by means of known programming languages, such as for example Java and/or SIM Application Toolkit.
- the control device CD may consist of or be connected to a second or further mobile units.
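The request/confirmation exchange described in the steps above, with both sides' checks, as an added example in Node.js; it is not code from the patent or the applicant. Assumptions not on the page: the AES-GCM/RSA-OAEP hybrid used as the "encoding", the JSON message layout with a `txId` field, the 120-second limit, the sample code `4711`, and the one-answer-per-request rule.

```javascript
// Added example. PR1/PU1 are the control device (CD) key pair, PR2/PU2 the mobile unit (MU) pair.
const crypto = require('crypto');
const newKeys = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const cd = newKeys(); // cd.privateKey = PR1, cd.publicKey = PU1
const mu = newKeys(); // mu.privateKey = PR2, mu.publicKey = PU2
const SIG_LEN = 256;  // bytes in an RSA-2048 signature

// Sender side: sign with the sender's private key, then encode for the recipient.
// Assumption: the signed message is encrypted under a fresh AES-256-GCM key that is
// wrapped with the recipient's RSA public key (OAEP), since signature plus text
// does not fit in one RSA block.
function seal(obj, senderPriv, recipientPub) {
  const body = Buffer.from(JSON.stringify(obj), 'utf8');
  const sig = crypto.sign('sha256', body, senderPriv);
  const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(Buffer.concat([sig, body])), c.final()]);
  return { wrapped: crypto.publicEncrypt(recipientPub, key), iv, ct, tag: c.getAuthTag() };
}

// Recipient side: decode with the recipient's private key, then verify the signature
// with the sender's public key. Returns null on any failure.
function open(msg, recipientPriv, senderPub) {
  try {
    const key = crypto.privateDecrypt(recipientPriv, msg.wrapped);
    const d = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
    d.setAuthTag(msg.tag);
    const pt = Buffer.concat([d.update(msg.ct), d.final()]);
    const body = pt.subarray(SIG_LEN);
    const ok = crypto.verify('sha256', body, senderPub, pt.subarray(0, SIG_LEN));
    return ok ? JSON.parse(body.toString('utf8')) : null;
  } catch { return null; }
}

// Control device state, standing in for the page's digital memory DM (constructed values).
const TIME_LIMIT_MS = 120000;          // assumed value for the "determined time limit"
const CODE_FOR_MU = '4711';            // confirmation code CC associated to this MU
const pending = new Map();             // txId -> time the request message RM was sent

function cdRequest(txId, td, now) {    // CD builds the request message RM
  pending.set(txId, now);
  return seal({ txId, td }, cd.privateKey, mu.publicKey);
}

function muConfirm(rm, cc) {           // MU builds the confirmation message CM
  const req = open(rm, mu.privateKey, cd.publicKey);
  if (!req) return null;               // RM not signed by PR1: nothing is shown or sent
  return seal({ txId: req.txId, cc }, mu.privateKey, cd.publicKey);
}

function cdCheck(cm, now) {            // CD decides whether to confirm to the TA
  const m = open(cm, cd.privateKey, mu.publicKey);
  if (!m) return 'rejected: signature or encoding';
  if (!pending.has(m.txId)) return 'rejected: unknown or already answered';
  const sentAt = pending.get(m.txId);
  pending.delete(m.txId);              // assumption: one answer per request, so replays fail
  if (now - sentAt > TIME_LIMIT_MS) return 'rejected: time limit';
  return m.cc === CODE_FOR_MU ? 'confirmed' : 'rejected: wrong code';
}
```

A message signed with any key other than PR1 or PR2 is dropped before the user or the confirmation logic sees it, which is the false-SMS case the description sets out to close.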
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA002651592A CA2651592A1 (en) | 2006-05-10 | 2006-05-10 | Process and system for confirming transactions by means of mobile units |
JP2009508679A JP2009536494A (en) | 2006-05-10 | 2006-05-10 | Process and system for confirming a transaction by a portable unit |
AU2006343142A AU2006343142A1 (en) | 2006-05-10 | 2006-05-10 | Process and system for confirming transactions by means of mobile units |
PCT/IT2006/000348 WO2007129345A1 (en) | 2006-05-10 | 2006-05-10 | Process and system for confirming transactions by means of mobile units |
EP06756286A EP2016542A1 (en) | 2006-05-10 | 2006-05-10 | Process and system for confirming transactions by means of mobile units |
CNA2006800553107A CN101496044A (en) | 2006-05-10 | 2006-05-10 | Method and system for implementing confirmation business by using movable unit mode |
BRPI0621661-7A BRPI0621661A2 (en) | 2006-05-10 | 2006-05-10 | process and system for committing transactions via mobile units |
US12/267,998 US20090094458A1 (en) | 2006-05-10 | 2008-11-10 | Process and system for confirming transactions by means of mobile units |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IT2006/000348 WO2007129345A1 (en) | 2006-05-10 | 2006-05-10 | Process and system for confirming transactions by means of mobile units |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007129345A1 | 2007-11-15 |
Family
ID=37602952
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IT2006/000348 WO2007129345A1 (en) | 2006-05-10 | 2006-05-10 | Process and system for confirming transactions by means of mobile units |
Country Status (8)
Country | Link |
---|---|
US (1) | US20090094458A1 (en) |
EP (1) | EP2016542A1 (en) |
JP (1) | JP2009536494A (en) |
CN (1) | CN101496044A (en) |
AU (1) | AU2006343142A1 (en) |
BR (1) | BRPI0621661A2 (en) |
CA (1) | CA2651592A1 (en) |
WO (1) | WO2007129345A1 (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ITBS20120035A1 (en) * | 2012-03-09 | 2013-09-10 | Lorenzo Gambato | METHOD FOR REMOTE CONTROL OF BANK TRANSACTIONS |
WO2013151851A2 (en) | 2012-04-01 | 2013-10-10 | Authentify, Inc. | Secure authentication in a multi-party system |
EP2713327A1 (en) * | 2012-10-01 | 2014-04-02 | Nxp B.V. | Validating a transaction with a secure input and a non-secure output |
RU2523304C2 (en) * | 2009-05-29 | 2014-07-20 | Ибэй, Инк. | Trusted integrity manager (tim) |
US9495524B2 (en) | 2012-10-01 | 2016-11-15 | Nxp B.V. | Secure user authentication using a master secure element |
US10147090B2 (en) | 2012-10-01 | 2018-12-04 | Nxp B.V. | Validating a transaction with a secure input without requiring pin code entry |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SE0950235L (en) * | 2009-04-09 | 2010-02-23 | Smarttrust Ab | Method of identifying a mobile phone |
US20120109762A1 (en) * | 2010-11-03 | 2012-05-03 | Verizon Patent And Licensing Inc. | Method and apparatus for providing mobile payment through a device user interface |
MX2013002598A (en) * | 2012-02-07 | 2013-11-05 | Izettle Merchant Services Ab | Hub and spokes pin verification. |
US10528946B2 (en) * | 2013-11-06 | 2020-01-07 | Tencent Technology (Shenzhen) Company Limited | System and method for authenticating, associating and storing secure information |
US20160162861A1 (en) * | 2014-12-03 | 2016-06-09 | Verizon Patent And Licensing, Inc. | Managing electronic transactions |
US10810569B2 (en) | 2017-01-30 | 2020-10-20 | Square, Inc. | Contacts for misdirected payments and user authentication |
CN107423977A (en) * | 2017-08-25 | 2017-12-01 | 北京华大智宝电子系统有限公司 | The method of commerce and system of a kind of credit card |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001017310A1 (en) * | 1999-08-31 | 2001-03-08 | Telefonaktiebolaget L M Ericsson (Publ) | Gsm security for packet data networks |
WO2001080525A1 (en) * | 2000-04-14 | 2001-10-25 | Sun Microsystems, Inc. | Network access security |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1999009502A1 (en) * | 1997-08-13 | 1999-02-25 | Matsushita Electric Industrial Co., Ltd. | Mobile electronic commerce system |
FR2834158B1 (en) * | 2001-12-21 | 2005-02-11 | Radiotelephone Sfr | ELECTRONIC SIGNATURE METHOD |
-
2006
- 2006-05-10 EP EP06756286A patent/EP2016542A1/en not_active Withdrawn
- 2006-05-10 JP JP2009508679A patent/JP2009536494A/en active Pending
- 2006-05-10 AU AU2006343142A patent/AU2006343142A1/en not_active Abandoned
- 2006-05-10 CN CNA2006800553107A patent/CN101496044A/en active Pending
- 2006-05-10 WO PCT/IT2006/000348 patent/WO2007129345A1/en active Application Filing
- 2006-05-10 BR BRPI0621661-7A patent/BRPI0621661A2/en not_active IP Right Cessation
- 2006-05-10 CA CA002651592A patent/CA2651592A1/en not_active Abandoned
-
2008
- 2008-11-10 US US12/267,998 patent/US20090094458A1/en not_active Abandoned
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
RU2523304C2 (en) * | 2009-05-29 | 2014-07-20 | Ибэй, Инк. | Trusted integrity manager (tim) |
ITBS20120035A1 (en) * | 2012-03-09 | 2013-09-10 | Lorenzo Gambato | METHOD FOR REMOTE CONTROL OF BANK TRANSACTIONS |
WO2013151851A2 (en) | 2012-04-01 | 2013-10-10 | Authentify, Inc. | Secure authentication in a multi-party system |
EP2834730A4 (en) * | 2012-04-01 | 2016-05-25 | Authentify Inc | Secure authentication in a multi-party system |
US9641505B2 (en) | 2012-04-01 | 2017-05-02 | Early Warning Services, Llc | Secure authentication in a multi-party system |
EP2713327A1 (en) * | 2012-10-01 | 2014-04-02 | Nxp B.V. | Validating a transaction with a secure input and a non-secure output |
CN103714460A (en) * | 2012-10-01 | 2014-04-09 | Nxp股份有限公司 | Method for validating a transaction with a secure input and a non-secure output |
US9495524B2 (en) | 2012-10-01 | 2016-11-15 | Nxp B.V. | Secure user authentication using a master secure element |
US10147090B2 (en) | 2012-10-01 | 2018-12-04 | Nxp B.V. | Validating a transaction with a secure input without requiring pin code entry |
Also Published As
Publication number | Publication date |
---|---|
US20090094458A1 (en) | 2009-04-09 |
BRPI0621661A2 (en) | 2011-12-20 |
JP2009536494A (en) | 2009-10-08 |
CA2651592A1 (en) | 2007-11-15 |
EP2016542A1 (en) | 2009-01-21 |
CN101496044A (en) | 2009-07-29 |
AU2006343142A1 (en) | 2007-11-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2016542A1 (en) | Process and system for confirming transactions by means of mobile units | |
US6105006A (en) | Transaction authentication for 1-way wireless financial messaging units | |
JP5062796B2 (en) | Multi-account mobile wireless financial messaging unit | |
JP5062916B2 (en) | Secure messaging system for selective call signaling system | |
CN101098225B (en) | Safety data transmission method and paying method, paying terminal and paying server | |
EP3195226B1 (en) | System, method and apparatus for updating a stored value card | |
US20080040285A1 (en) | Method And System For Authorizing A Transaction Using A Dynamic Authorization Code | |
WO1999033035A2 (en) | Single account portable wireless financial messaging unit | |
CA2313697A1 (en) | Portable 2-way wireless financial messaging unit | |
CA2313798A1 (en) | Portable 1-way wireless financial messaging unit | |
KR20090012321A (en) | Process and system for confirming transactions by means of mobile units | |
RU2417444C2 (en) | Method and system for confirming transactions via mobile devices | |
CN101702803B (en) | Mobile transaction business realization method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200680055310.7 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 06756286 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 4483/KOLNP/2008 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009508679 Country of ref document: JP Ref document number: 2651592 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020087027496 Country of ref document: KR |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006756286 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006343142 Country of ref document: AU |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2008148587 Country of ref document: RU |
|
ENP | Entry into the national phase |
Ref document number: 2006343142 Country of ref document: AU Date of ref document: 20060510 Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: PI0621661 Country of ref document: BR Kind code of ref document: A2 Effective date: 20081110 |