WO2007129345A1 - Process and system for confirming transactions by means of mobile units - Google Patents

Process and system for confirming transactions by means of mobile units Download PDF

Info

Publication number
WO2007129345A1
WO2007129345A1 PCT/IT2006/000348 IT2006000348W WO2007129345A1 WO 2007129345 A1 WO2007129345 A1 WO 2007129345A1 IT 2006000348 W IT2006000348 W IT 2006000348W WO 2007129345 A1 WO2007129345 A1 WO 2007129345A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile unit
control device
previous
request message
confirmation message
Prior art date
Application number
PCT/IT2006/000348
Other languages
French (fr)
Inventor
Ermanno Dionisio
Original Assignee
Worldwide Gpms Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Worldwide Gpms Ltd. filed Critical Worldwide Gpms Ltd.
Priority to CA002651592A priority Critical patent/CA2651592A1/en
Priority to JP2009508679A priority patent/JP2009536494A/en
Priority to AU2006343142A priority patent/AU2006343142A1/en
Priority to PCT/IT2006/000348 priority patent/WO2007129345A1/en
Priority to EP06756286A priority patent/EP2016542A1/en
Priority to CNA2006800553107A priority patent/CN101496044A/en
Priority to BRPI0621661-7A priority patent/BRPI0621661A2/en
Publication of WO2007129345A1 publication Critical patent/WO2007129345A1/en
Priority to US12/267,998 priority patent/US20090094458A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment

Definitions

  • the present invention relates to a process for confirming transactions, for example payments with credit or debit cards, by means of mobile units, for example GSM, UMTS, etc. cellular phones.
  • the present invention also relates to a system for carrying out said process.
  • IT MI2004A001438 in the name of the same applicant describes a process and an apparatus, in which a transaction is confirmed by means of a SMS (Short Message Service) message sent by a mobile unit of a user, after the latter has received from a control device a request message for confirming said transaction.
  • SMS Short Message Service
  • Said process and apparatus allow to improve the security of the transactions with credit card and the like, however a hacker could transmit false SMS messages to the user and/or to the control device for carrying out harmful operations and/or for obtaining private data. It is therefore an object of the present invention to provide a process and an apparatus which are free from said disadvantage.
  • the encoding and the digital signature are carried out by means of public and private keys, preferably obtained with an asymmetric encryption algorithm, for further improving the security of the transactions.
  • Said keys, as well as the security application which employs them, are preferably stored in the same SEvI card of the telephone service provider of the mobile unit, so as to prevent their misappropriation.
  • the process according to the present invention comprises in a known way the following operating steps: - a user carries out a transaction with a transaction apparatus TA, for example a payment with a credit card through a POS (Point Of Sale) or Internet or a cash drawing from an ATM (Automatic Teller Machine);
  • a transaction apparatus TA for example a payment with a credit card through a POS (Point Of Sale) or Internet or a cash drawing from an ATM (Automatic Teller Machine);
  • the transaction data TD for example time, date, place and amount of the transaction
  • a control device CD for example a server of a service center connected to means for transmitting SMS messages, for requesting the user to confirm the transaction
  • control device CD sends to a mobile unit MU of the user a request message RM containing the transaction data TD;
  • the user verifies the transaction data TD through output means OM, in particular a display, of the mobile unit MU;
  • the user enters a confirmation code CC in the mobile unit MU through input means EvI, in particular a keyboard, of the mobile unit MU;
  • the mobile unit MU sends to the control device CD a confirmation message CM containing the confirmation code CC; - the control device CD confirms the transaction to the transaction apparatus TA if the confirmation message CM is received within a determined time limit and contains a correct confirmation code CC, in particular a same confirmation code CC associated to the mobile unit MU of the user in a digital memory DM in the control device CD.
  • control device CD and/or the mobile unit MU are provided with one or more digital memories DM in which suitable security applications SA are stored for encoding and digitally signing the request message RM and/or the confirmation message CM, respectively.
  • the request message RM is digitally signed and encoded by the security application SA of the control device CD by means of a public key PU2 assigned to the mobile unit MU and a private key PRl which is assigned to the control device CD and is stored only in the latter.
  • the request message RM signed and encoded by the control device CD is then sent to the mobile unit MU, which decodes and verifies the digital signature of the request message RM.
  • the security application SA of the mobile unit MU employs a public key PUl assigned to the control device CD and a private key PR2 which is assigned to the mobile unit MU and is stored only in the latter.
  • the process according to the present invention comprises then the following operating steps:
  • control device CD signs the request message RM by means of its private key PRl; - the control device CD encodes the request message RM by means of the public key PU2 of the mobile unit MU;
  • control device CD sends to the mobile unit MU the signed and encoded request message RM;
  • the mobile unit MU decodes the request message RM by means of its private key PR2;
  • the mobile unit MU verifies the signature of the request message RM by means of the public key PUl of the control device CD.
  • the request message RM is displayed by the mobile unit MU, after which the user can reply by entering the confirmation code CC for confirming the transaction or another code for canceling the transaction or for transmitting other information to the control device CD, for example for disabling his credit card in case of fraudulent use.
  • the confirmation message CM is digitally signed and encoded by the security application SA of the mobile unit MU by means of the public key PUl and the private key PR2.
  • the confirmation message CM signed and encoded by the mobile unit MU is then sent to the control device CD, which decodes and verifies the digital signature of the confirmation message CM.
  • the security application SA of the control device CD employs the public key PU2 and the private key PRl.
  • the process comprises then also the following operating steps: - the mobile unit MU signs the confirmation message CM by means of its private key PR2; - the mobile unit MU encodes the confirmation message CM by means of the public key PUl of the control device CD;
  • the mobile unit MU sends to the control device CD the signed and encoded confirmation message CM, - the control device CD decodes the confirmation message CM by means of its private key PRl;
  • control device CD verifies the signature of the confirmation message CM by means of the public key PU2 of the mobile unit MU.
  • the security applications SA of the control device CD and/or of the mobile unit MU are preferably started automatically when the confirmation message CM and/or the request message RM, respectively, are received.
  • the request message RM and/or the confirmation message CM are SMS messages transmitted in PDU (Protocol
  • the security application SA, the public key PUl assigned to the control device CD and/or the private key PR2 assigned to the mobile unit MU are preferably stored in one or more digital memories DM of a SlM card arranged in the mobile unit MU, in particular the same SIM card containing the data of the telephone service provider for the use of the mobile unit MU.
  • One or both pairs of public keys PUl, PU2 and private keys PRl, PR2 are preferably obtained by means of an asymmetric encryption algorithm, in particular the RSA (Rivest Shamir Adleman) algorithm, which comprises the following operating steps:
  • the request message RM preferably contains the telephone identification number of the control device CD to which the mobile unit MU must send the confirmation message CM.
  • the security applications SA can be written by means of known programming languages, such as for example Java and/or e/o SIM Application Toolkit.
  • the control device CD may consist of or be connected to a second or further mobile units.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Process for confirming transactions by means of mobile units (MU), wherein a control device (CD) sends a request message (RM) containing transaction data (TD) to a mobile unit (MU), which can send to the control device (CD) a confirmation message (CM) containing a confirmation code (CC), wherein the control device (CD) and/or the mobile unit (MU) are provided with one or more digital memories (DM) in which security applications (SA) are stored for encoding and digitally signing the request message (RM) and/or the confirmation message (CM), respectively, before sending them. The present invention also relates to a system for carrying out said process.

Description

PROCESS AND SYSTEM FOR CONFIRMING TRANSACTIONS BY MEANS OF
MOBILE UNITS
The present invention relates to a process for confirming transactions, for example payments with credit or debit cards, by means of mobile units, for example GSM, UMTS, etc. cellular phones. The present invention also relates to a system for carrying out said process.
IT MI2004A001438 in the name of the same applicant describes a process and an apparatus, in which a transaction is confirmed by means of a SMS (Short Message Service) message sent by a mobile unit of a user, after the latter has received from a control device a request message for confirming said transaction. Said process and apparatus allow to improve the security of the transactions with credit card and the like, however a hacker could transmit false SMS messages to the user and/or to the control device for carrying out harmful operations and/or for obtaining private data. It is therefore an object of the present invention to provide a process and an apparatus which are free from said disadvantage. Said object is achieved with a process and a system comprising a control device, a mobile unit and a SIM (Subscriber Identity Module) card, the main features of which are disclosed in claims 1, 19, 25 and 40, respectively, while other features are disclosed in the remaining claims. Thanks to the encoding and to the digital signature of the request message and/or of the confirmation message, the process and the system according to the present invention allow to improve the security of the transactions, since the receivers of these messages can be sure of the identity of the senders.
According to a particular aspect of the invention, the encoding and the digital signature are carried out by means of public and private keys, preferably obtained with an asymmetric encryption algorithm, for further improving the security of the transactions. Said keys, as well as the security application which employs them, are preferably stored in the same SEvI card of the telephone service provider of the mobile unit, so as to prevent their misappropriation. Further advantages and features of the process and the system according to the present invention will become clear to those skilled in the art from the following detailed and non-limiting description of an embodiment thereof with reference to the attached drawings, wherein figure 1 shows a block scheme of the system.
Referring to figure 1, it is seen that the process according to the present invention comprises in a known way the following operating steps: - a user carries out a transaction with a transaction apparatus TA, for example a payment with a credit card through a POS (Point Of Sale) or Internet or a cash drawing from an ATM (Automatic Teller Machine);
- the transaction data TD, for example time, date, place and amount of the transaction, are transmitted from the transaction apparatus TA to a control device CD, for example a server of a service center connected to means for transmitting SMS messages, for requesting the user to confirm the transaction;
- the control device CD sends to a mobile unit MU of the user a request message RM containing the transaction data TD;
- the user verifies the transaction data TD through output means OM, in particular a display, of the mobile unit MU;
- the user enters a confirmation code CC in the mobile unit MU through input means EvI, in particular a keyboard, of the mobile unit MU;
- the mobile unit MU sends to the control device CD a confirmation message CM containing the confirmation code CC; - the control device CD confirms the transaction to the transaction apparatus TA if the confirmation message CM is received within a determined time limit and contains a correct confirmation code CC, in particular a same confirmation code CC associated to the mobile unit MU of the user in a digital memory DM in the control device CD.
According to the invention, the control device CD and/or the mobile unit MU are provided with one or more digital memories DM in which suitable security applications SA are stored for encoding and digitally signing the request message RM and/or the confirmation message CM, respectively.
In particular, the request message RM is digitally signed and encoded by the security application SA of the control device CD by means of a public key PU2 assigned to the mobile unit MU and a private key PRl which is assigned to the control device CD and is stored only in the latter. The request message RM signed and encoded by the control device CD is then sent to the mobile unit MU, which decodes and verifies the digital signature of the request message RM. For this purpose, the security application SA of the mobile unit MU employs a public key PUl assigned to the control device CD and a private key PR2 which is assigned to the mobile unit MU and is stored only in the latter.
The process according to the present invention comprises then the following operating steps:
- the control device CD signs the request message RM by means of its private key PRl; - the control device CD encodes the request message RM by means of the public key PU2 of the mobile unit MU;
- the control device CD sends to the mobile unit MU the signed and encoded request message RM;
- the mobile unit MU decodes the request message RM by means of its private key PR2;
- the mobile unit MU verifies the signature of the request message RM by means of the public key PUl of the control device CD.
If said operation have had a positive result, the request message RM is displayed by the mobile unit MU, after which the user can reply by entering the confirmation code CC for confirming the transaction or another code for canceling the transaction or for transmitting other information to the control device CD, for example for disabling his credit card in case of fraudulent use. The confirmation message CM is digitally signed and encoded by the security application SA of the mobile unit MU by means of the public key PUl and the private key PR2. The confirmation message CM signed and encoded by the mobile unit MU is then sent to the control device CD, which decodes and verifies the digital signature of the confirmation message CM. For this purpose, the security application SA of the control device CD employs the public key PU2 and the private key PRl.
The process comprises then also the following operating steps: - the mobile unit MU signs the confirmation message CM by means of its private key PR2; - the mobile unit MU encodes the confirmation message CM by means of the public key PUl of the control device CD;
- the mobile unit MU sends to the control device CD the signed and encoded confirmation message CM, - the control device CD decodes the confirmation message CM by means of its private key PRl;
- the control device CD verifies the signature of the confirmation message CM by means of the public key PU2 of the mobile unit MU.
The security applications SA of the control device CD and/or of the mobile unit MU are preferably started automatically when the confirmation message CM and/or the request message RM, respectively, are received. In particular, the request message RM and/or the confirmation message CM are SMS messages transmitted in PDU (Protocol
Data Unit) mode. The security application SA, the public key PUl assigned to the control device CD and/or the private key PR2 assigned to the mobile unit MU are preferably stored in one or more digital memories DM of a SlM card arranged in the mobile unit MU, in particular the same SIM card containing the data of the telephone service provider for the use of the mobile unit MU.
One or both pairs of public keys PUl, PU2 and private keys PRl, PR2 are preferably obtained by means of an asymmetric encryption algorithm, in particular the RSA (Rivest Shamir Adleman) algorithm, which comprises the following operating steps:
- choosing two prime numbers p, q;
- calculating n = pq and Φ = (p - l)(q - 1);
- choosing an integer number e which is less than Φ and prime to it; - calculating the integer number d such that ed = 1 mod Φ; wherein the public key PUl or PU2 comprises the pair of values e and n, while the private key PRl or PR2 comprises the pair of values d and n.
The encoding method of a portion m, for example one byte, of the request message RM or of the confirmation message CM for obtaining an encoded portion c comprises the operation c = mΛe mod n, while the decoding method of the encoded portion c comprises the operation m = cAd mod n. The signing method of a portion m, for example one byte, of the request message RM or of the confirmation message CM for obtaining an encoded portion c comprises the operation c = mΛd mod n, while the signature verifying method of the encoded portion c comprises the operation m = cΛe mod n. For further improving the security, the request message RM preferably contains the telephone identification number of the control device CD to which the mobile unit MU must send the confirmation message CM. The security applications SA can be written by means of known programming languages, such as for example Java and/or e/o SIM Application Toolkit. The control device CD may consist of or be connected to a second or further mobile units.
Possible modifications and/or additions may be made by those skilled in the art to the hereinabove described and illustrated embodiment of the invention while remaining within the scope of the following claims.

Claims

1. Process for confirming transactions by means of mobile units (MU), wherein a control device (CD) sends a request message (RM) containing transaction data (TD) to a mobile unit (MU), which can send to the control device (CD) a confirmation message (CM) containing a confirmation code (CC), characterized in that the control device (CD) and/or the mobile unit (MU) are provided with one or more digital memories (DM) in which security applications (SA) are stored for encoding and digitally signing the request message (RM) and/or the confirmation message (CM), respectively, before sending them.
2. Process according to the previous claim, characterized in that the control device (CD) signs the request message (RM) by means of a private key (PRl) of the control device (CD).
3. Process according to one of the previous claims, characterized in that the control device (CD) encodes the request message (RM) by means of a public key (PU2) of the mobile unit (MU).
4. Process according to one of the previous claims, characterized in that the mobile unit (MU) decodes the request message (RM) by means of a private key (PR2) of the mobile unit (MU).
5. Process according to one of the previous claims, characterized in that the mobile unit (MU) verifies the signature of the request message (RM) by means of a public key (PUl) of the control device (CD).
6. Process according to one of the previous claims, characterized in that the mobile unit (MU) signs the confirmation message (CM) by means of a private key (PR2) of the mobile unit (MU).
7. Process according to one of the previous claims, characterized in that the mobile unit (MU) encodes the confirmation message (CM) by means of a public key (PUl) of the control device (CD).
8. Process according to one of the previous claims, characterized in that the control device (CD) decodes the confirmation message (CM) by means of a private key
(PRl) of the control device (CD).
9. Process according to one of the previous claims, characterized in that the control device (CD) verifies the signature of the confirmation message (CM) by means of a public key (PU2) of the mobile unit (MU).
10. Process according to one of the previous claims, characterized in that the security applications (SA) of the control device (CD) and/or of the mobile unit (MU) are started automatically when the confirmation message (CM) and/or the request message (RM), respectively, are received.
11. Process according to one of the previous claims, characterized in that the request message (RM) and/or the confirmation message (CM) are SMS messages transmitted in PDU mode.
12. Process according to one of the previous claims, characterized in that the security application (SA), the public key (PUl) of the control device (CD) and/or the private key (PR2) of the mobile unit (MU) are stored in one or more digital memories (DM) of a SIM card arranged in the mobile unit (MU).
13. Process according to the previous claim, characterized in that said SIM card contains also the data of the telephone service provider for the use of the mobile unit (MU).
14. Process according to one of the previous claims, characterized in that at least one pair of public keys (PUl, PU2) and private keys (PRl, PR2) is obtained by means of an asymmetric encryption algorithm.
15. Process according to the previous claim, characterized in that said encryption algorithm comprises the following operating steps: choosing two prime numbers p, q; calculating n = pq and Φ = (p - l)(q - 1); - choosing an integer number e which is less than Φ and prime to it; calculating the integer number d such that ed = 1 mod Φ; wherein the public key (PUl, PU2) comprises the pair of values e and n, while the private key (PRl, PR2) comprises the pair of values d and n.
16. Process according to the previous claim, characterized in that the encoding method of a portion m of the request message (RM) or of the confirmation message (CM) for obtaining an encoded portion c comprises the operation c = mΛe mod n, while the decoding method of the encoded portion c comprises the operation m = cΛd mod n.
17. Process according to claim 15 or 16, characterized in that the signing method of a portion m of the request message (RM) or of the confirmation message (CM) for obtaining an encoded portion c comprises the operation c = mΛd mod n, while the signature verifying method of the encoded portion c comprises the operation m = cΛe mod n.
18. Process according to one of the previous claims, characterized in that the request message (RM) contains the telephone identification number of the control device (CD) to which the mobile unit (MU) must send the confirmation message (CM).
19. Device (CD) for confirming transactions, which is suitable for sending a request message (RM) containing transaction data (TD) to a mobile unit (MU), characterized in that said control device (CD) is provided with one or more digital memories (DM) in which at least one security application (SA) is stored for encoding and digitally signing the request message (RM) before sending it to the mobile unit (MU).
20. Device (CD) according to the previous claim, characterized in that its security application (SA) signs the request message (RM) by means of a private key (PRl) of the control device (CD).
21. Device (CD) according to claim 19 or 20, characterized in that its security application (SA) encodes the request message (RM) by means of a public key (PU2) of the mobile unit (MU).
22. Device (CD) according to one of claims 19 to 21, characterized in that it is provided with means for receiving a transaction confirmation message (CM) from the mobile unit (MU).
23. Device (CD) according to the previous claim, characterized in that its security application (SA) decodes the confirmation message (CM) by means of a private key (PRl) of the control device (CD).
24. Device (CD) according to claim 22 or 23, characterized in that its security application (SA) verifies the signature of the confirmation message (CM) by means of a public key (PU2) of the mobile unit (MU).
25. Mobile unit (MU) for confirming transactions, which is suitable for sending a confirmation message (CM) containing a confirmation code (CC) to a control device (CD), characterized in that said mobile unit (MU) is provided with one or more digital memories (DM) in which at least one security application (SA) is stored for encoding and digitally signing the confirmation message (CM) before sending it to the control device (CD).
26. Mobile unit (MU) according to the previous claim, characterized in that its security application (SA) signs the confirmation message (CM) by means of a private key (PR2) of the mobile unit (MU).
27. Mobile unit (MU) according to claim 25 or 26, characterized in that its security application (SA) encodes the confirmation message (CM) by means of a public key (PUl) of the control device (CD).
28. Mobile unit (MU) according to one of claims 25 to 27, characterized in that it is provided with means for receiving a request message (RM) containing transaction data (TD) from the control device (CD).
29. Mobile unit (MU) according to the previous claim, characterized in that its security application (SA) decodes the request message (RM) by means of a private key (PR2) of the mobile unit (MU).
30. Mobile unit (MU) according to claim 28 or 29, characterized in that its security application (SA) verifies the signature of the request message (CM) by means of a public key (PUl) of the control device (CD).
31. Mobile unit (MU) according to one of claims 25 to 30, characterized in that said security application (SA), said public key (PUl) and/or said private key (PR2) are stored in one or more digital memories (DM) of a SIM card arranged in the mobile unit (MU).
32. Mobile unit (MU) according to the previous claim, characterized in that said SIM card contains also the data of the telephone service provider for the use of the mobile unit (MU).
33. Device (CD) or mobile unit (MU) according to one of claims 19 to 32, characterized in that said security applications (SA) are started automatically when the confirmation message (CM) and/or the request message (RM), respectively, are received.
34. Device (CD) or mobile unit (MU) according to one of claims 19 to 33, characterized in that the request message (RM) and/or the confirmation message (CM) are SMS messages transmitted in PDU mode.
35. Device (CD) or mobile unit (MU) according to one of claims 20 to 34, characterized in that at least one pair of public keys (PUl, PU2) and private keys (PRl, PR2) is obtained by means of an asymmetric encryption algorithm.
36. Device (CD) or mobile unit (MU) according to the previous claim, characterized in that said encryption algorithm comprises the following operating steps: - choosing two prime numbers p, q; calculating n = pq and Φ = (p - l)(q - 1); choosing an integer number e which is less than Φ and prime to it; calculating the integer number d such that ed = 1 mod Φ ; wherein the public key (PUl, PU2) comprises the pair of values e and n, while the private key (PRl , PR2) comprises the pair of values d and n.
37. Device (CD) or mobile unit (MU) according to the previous claim, characterized in that the encoding method of a portion m of the request message (RM) or of the confirmation message (CM) for obtaining an encoded portion c comprises the operation c = mΛe mod n, while the decoding method of the encoded portion c comprises the operation m = cΛd mod n.
38. Device (CD) or mobile unit (MU) according to claim 36 or 37, characterized in that the signing method of a portion m of the request message (RM) or of the confirmation message (CM) for obtaining an encoded portion c comprises the operation c = mΛd mod n, while the signature verifying method of the encoded portion c comprises the operation m = cΛe mod n.
39. Device (CD) or mobile unit (MU) according to one of claims 19 to 38, characterized in that the request message (RM) contains the telephone identification number of the control device (CD) to which the mobile unit (MU) must send the confirmation message (CM).
40. SIM card comprising one or more digital memories (DM), characterized in that at least one digital memory (DM) contains a public key (PUl), a private key (PR2) and/or a security application (SA) for confirming transactions by means of mobile units (MU).
41. SIM card according to the previous claim, characterized in that the security application (SA) is suitable for encoding and digitally signing a confirmation message (CM) to be transmitted by a mobile unit (MU) comprising this SIM card.
42. SIM card according to the previous claim, characterized in that the security application (SA) signs the confirmation message (CM) by means of said private key (PR2).
43. SIM card according to claim 41 or 42, characterized in that the security application (SA) encodes the confirmation message (CM) by means of said public key
(PUl).
44. SIM card according to one of claims 40 to 43, characterized in that the security application (SA) is suitable for decoding and verifying the signature of a request message (RM) received by a mobile unit (MU) comprising this SIM card.
45. SIM card according to the previous claim, characterized in that the security application (SA) decodes the request message (RM) by means of said private key (PR2).
46. SIM card according to claim 44 or 45, characterized in that the security application (SA) verifies the signature of the request message (RM) by means of said public key (PUl).
PCT/IT2006/000348 2006-05-10 2006-05-10 Process and system for confirming transactions by means of mobile units WO2007129345A1 (en)

Priority Applications (8)

Application Number Priority Date Filing Date Title
CA002651592A CA2651592A1 (en) 2006-05-10 2006-05-10 Process and system for confirming transactions by means of mobile units
JP2009508679A JP2009536494A (en) 2006-05-10 2006-05-10 Process and system for confirming a transaction by a portable unit
AU2006343142A AU2006343142A1 (en) 2006-05-10 2006-05-10 Process and system for confirming transactions by means of mobile units
PCT/IT2006/000348 WO2007129345A1 (en) 2006-05-10 2006-05-10 Process and system for confirming transactions by means of mobile units
EP06756286A EP2016542A1 (en) 2006-05-10 2006-05-10 Process and system for confirming transactions by means of mobile units
CNA2006800553107A CN101496044A (en) 2006-05-10 2006-05-10 Method and system for implementing confirmation business by using movable unit mode
BRPI0621661-7A BRPI0621661A2 (en) 2006-05-10 2006-05-10 process and system for committing transactions via mobile units
US12/267,998 US20090094458A1 (en) 2006-05-10 2008-11-10 Process and system for confirming transactions by means of mobile units

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IT2006/000348 WO2007129345A1 (en) 2006-05-10 2006-05-10 Process and system for confirming transactions by means of mobile units

Publications (1)

Publication Number Publication Date
WO2007129345A1 true WO2007129345A1 (en) 2007-11-15

Family

ID=37602952

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2006/000348 WO2007129345A1 (en) 2006-05-10 2006-05-10 Process and system for confirming transactions by means of mobile units

Country Status (8)

Country Link
US (1) US20090094458A1 (en)
EP (1) EP2016542A1 (en)
JP (1) JP2009536494A (en)
CN (1) CN101496044A (en)
AU (1) AU2006343142A1 (en)
BR (1) BRPI0621661A2 (en)
CA (1) CA2651592A1 (en)
WO (1) WO2007129345A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ITBS20120035A1 (en) * 2012-03-09 2013-09-10 Lorenzo Gambato METHOD FOR REMOTE CONTROL OF BANK TRANSACTIONS
WO2013151851A2 (en) 2012-04-01 2013-10-10 Authentify, Inc. Secure authentication in a multi-party system
EP2713327A1 (en) * 2012-10-01 2014-04-02 Nxp B.V. Validating a transaction with a secure input and a non-secure output
RU2523304C2 (en) * 2009-05-29 2014-07-20 Ибэй, Инк. Trusted integrity manager (tim)
US9495524B2 (en) 2012-10-01 2016-11-15 Nxp B.V. Secure user authentication using a master secure element
US10147090B2 (en) 2012-10-01 2018-12-04 Nxp B.V. Validating a transaction with a secure input without requiring pin code entry

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE0950235L (en) * 2009-04-09 2010-02-23 Smarttrust Ab Method of identifying a mobile phone
US20120109762A1 (en) * 2010-11-03 2012-05-03 Verizon Patent And Licensing Inc. Method and apparatus for providing mobile payment through a device user interface
MX2013002598A (en) * 2012-02-07 2013-11-05 Izettle Merchant Services Ab Hub and spokes pin verification.
US10528946B2 (en) * 2013-11-06 2020-01-07 Tencent Technology (Shenzhen) Company Limited System and method for authenticating, associating and storing secure information
US20160162861A1 (en) * 2014-12-03 2016-06-09 Verizon Patent And Licensing, Inc. Managing electronic transactions
US10810569B2 (en) 2017-01-30 2020-10-20 Square, Inc. Contacts for misdirected payments and user authentication
CN107423977A (en) * 2017-08-25 2017-12-01 北京华大智宝电子系统有限公司 The method of commerce and system of a kind of credit card

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001017310A1 (en) * 1999-08-31 2001-03-08 Telefonaktiebolaget L M Ericsson (Publ) Gsm security for packet data networks
WO2001080525A1 (en) * 2000-04-14 2001-10-25 Sun Microsystems, Inc. Network access security

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999009502A1 (en) * 1997-08-13 1999-02-25 Matsushita Electric Industrial Co., Ltd. Mobile electronic commerce system
FR2834158B1 (en) * 2001-12-21 2005-02-11 Radiotelephone Sfr ELECTRONIC SIGNATURE METHOD

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001017310A1 (en) * 1999-08-31 2001-03-08 Telefonaktiebolaget L M Ericsson (Publ) Gsm security for packet data networks
WO2001080525A1 (en) * 2000-04-14 2001-10-25 Sun Microsystems, Inc. Network access security

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2523304C2 (en) * 2009-05-29 2014-07-20 Ибэй, Инк. Trusted integrity manager (tim)
ITBS20120035A1 (en) * 2012-03-09 2013-09-10 Lorenzo Gambato METHOD FOR REMOTE CONTROL OF BANK TRANSACTIONS
WO2013151851A2 (en) 2012-04-01 2013-10-10 Authentify, Inc. Secure authentication in a multi-party system
EP2834730A4 (en) * 2012-04-01 2016-05-25 Authentify Inc Secure authentication in a multi-party system
US9641505B2 (en) 2012-04-01 2017-05-02 Early Warning Services, Llc Secure authentication in a multi-party system
EP2713327A1 (en) * 2012-10-01 2014-04-02 Nxp B.V. Validating a transaction with a secure input and a non-secure output
CN103714460A (en) * 2012-10-01 2014-04-09 Nxp股份有限公司 Method for validating a transaction with a secure input and a non-secure output
US9495524B2 (en) 2012-10-01 2016-11-15 Nxp B.V. Secure user authentication using a master secure element
US10147090B2 (en) 2012-10-01 2018-12-04 Nxp B.V. Validating a transaction with a secure input without requiring pin code entry

Also Published As

Publication number Publication date
US20090094458A1 (en) 2009-04-09
BRPI0621661A2 (en) 2011-12-20
JP2009536494A (en) 2009-10-08
CA2651592A1 (en) 2007-11-15
EP2016542A1 (en) 2009-01-21
CN101496044A (en) 2009-07-29
AU2006343142A1 (en) 2007-11-15

Similar Documents

Publication Publication Date Title
EP2016542A1 (en) Process and system for confirming transactions by means of mobile units
US6105006A (en) Transaction authentication for 1-way wireless financial messaging units
JP5062796B2 (en) Multi-account mobile wireless financial messaging unit
JP5062916B2 (en) Secure messaging system for selective call signaling system
CN101098225B (en) Safety data transmission method and paying method, paying terminal and paying server
EP3195226B1 (en) System, method and apparatus for updating a stored value card
US20080040285A1 (en) Method And System For Authorizing A Transaction Using A Dynamic Authorization Code
WO1999033035A2 (en) Single account portable wireless financial messaging unit
CA2313697A1 (en) Portable 2-way wireless financial messaging unit
CA2313798A1 (en) Portable 1-way wireless financial messaging unit
KR20090012321A (en) Process and system for confirming transactions by means of mobile units
RU2417444C2 (en) Method and system for confirming transactions via mobile devices
CN101702803B (en) Mobile transaction business realization method, device and system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200680055310.7

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06756286

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 4483/KOLNP/2008

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2009508679

Country of ref document: JP

Ref document number: 2651592

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 1020087027496

Country of ref document: KR

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2006756286

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2006343142

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2008148587

Country of ref document: RU

ENP Entry into the national phase

Ref document number: 2006343142

Country of ref document: AU

Date of ref document: 20060510

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: PI0621661

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20081110