WO2020074060A1 - Authentication of data transactions - Google Patents

Authentication of data transactions Download PDF

Info

Publication number
WO2020074060A1
WO2020074060A1 PCT/EP2018/077351 EP2018077351W WO2020074060A1 WO 2020074060 A1 WO2020074060 A1 WO 2020074060A1 EP 2018077351 W EP2018077351 W EP 2018077351W WO 2020074060 A1 WO2020074060 A1 WO 2020074060A1
Authority
WO
WIPO (PCT)
Prior art keywords
identifier
wireless communication
communication device
data transaction
node
Prior art date
Application number
PCT/EP2018/077351
Other languages
French (fr)
Inventor
Athanasios KARAPANTELAKIS
Konstantinos Vandikas
Nipun Sharma
Venkata Sameer Kumar KODUKULA
Qiang Li
Leonid Mokrushin
Original Assignee
Telefonaktiebolaget Lm Ericsson (Publ)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget Lm Ericsson (Publ) filed Critical Telefonaktiebolaget Lm Ericsson (Publ)
Priority to PCT/EP2018/077351 priority Critical patent/WO2020074060A1/en
Publication of WO2020074060A1 publication Critical patent/WO2020074060A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/223Payment schemes or models based on the use of peer-to-peer networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications

Definitions

  • the invention relates to a method of enabling authentication of a data transaction in a communications network, and a device performing the method.
  • Mobile Bank ID replaces security token generators with mobile phones, where bank generated certificates are stored on a device running a mobile ID application or directly on Subscriber Identity Module (SIM) cards, and users can identify themselves with a mobile application. This has opened up a new array of services, including Swish which can be used for mobile payments.
  • SIM Subscriber Identity Module
  • Mobile Bank ID also requires some sort of application and internet access, in order to authenticate against a server and is also a limited ecosystem comprising only Scandinavian banks and operators.
  • An object of the present invention is to solve, or at least mitigate, one or more of above-mentioned problems in the art and thus to provide an improved method of authenticating data transactions in a communications network.
  • a method of a node configured to expose service capabilities of a telecommunication network to applications communicating with the network of enabling authentication of a data transaction.
  • the method comprises receiving information that a wireless communication device is to perform a data transaction with one of said applications, said information comprising an identifier of the wireless communication device and an indication of a location of the wireless communication device, and transmitting said information to the application with which the data transaction is to be performed, wherein the application is enabled to use the identifier of the wireless communication device to fetch, from a distributed ledger, a previously registered identifier of an entity associated with the data transaction and an identifier of a resource issued by a party allowing the entity to perform the data transaction upon the entity presenting the resource to said application, the identifier of the entity and the identifier of the resource having been associated in the distributed ledger with the identifier of the wireless communication device.
  • a node configured to expose service capabilities of a telecommunication network to applications communicating with the network, the node further being configured to enable authentication of a data transaction and comprising a processing unit and a memory, said memory containing instructions executable by said processing unit, whereby the node is operative to receive information that a wireless communication device is to perform a data transaction with one of said applications, said information comprising an identifier of the wireless communication device and an indication of a location of the wireless communication device, and to transmit said information to the application with which the data transaction is to be performed, wherein the application is enabled to use the identifier of the wireless communication device to fetch, from a distributed ledger, a previously registered identifier of an entity associated with the data transaction and an identifier of a resource issued by a party allowing the entity to perform the data transaction upon the entity presenting the resource to said application, the identifier of the entity and the identifier of the resource having been associated in the distributed ledger with the identifier of the
  • a distributed ledger Before a data transaction occurring, for instance between a wireless communication device and a merchant, data is registered in a distributed ledger.
  • the distributed ledger is implemented using blockchain technology.
  • An issuer such as a bank registers a unique payment number with the ledger, which payment number identifies a customer to the issuer.
  • This identifier can be for example a unique identification number associated with an electronic token stored on the wireless communication device, which token enables the wireless communication device to make a payment with the merchant.
  • the payment number is a unique number used to identify a means of payment of a customer. That is, the payment number is effectively an identifier of a resource (i.e. the electronic token) issued by a party (i.e. the issuing bank) allowing the customer to perform the data transaction upon the presenting the resource to the merchant.
  • the issuer further registers a unique private/juridical person identifier, which identifies an entity or party, i.e. an individual or a juridical person, associated with the payment number. This could be a national identity number in case of an individual or an organizational number in case of a juridical person.
  • a node such as e.g. a Home Subscriber Server (HSS) registers an identifier of the wireless communication device with which the payment is to be performed in the ledger. Further, the HSS registers the unique
  • the wireless communication device When a transaction is to take place between a customer holding the wireless communication device and the merchant, the wireless communication device will transmit a transaction request to the network, which ultimately will be received for instance by a Services Capability Exposure Function (SCEF).
  • SCEF Services Capability Exposure Function
  • the request comprises an identifier of the wireless communication device and a location of the wireless communication device (and possibly monetary amount of the goods being purchased in the transaction).
  • the SCEF transmits the transaction request the merchant.
  • the merchant Upon receiving the transaction request, the merchant acquires the unique private/juridical person identifier and the payment number from the distributed ledger using the identifier of the wireless communication device.
  • a payment authentication process can be completed and the merchant registers the new transaction with the ledger by providing the ledger 22 with an identifier of the merchant, the identifier of the wireless communication device (and possibly the transaction amount).
  • the information that a wireless communication device is to perform a data transaction is received from a node configured to manage mobility of the wireless communication device.
  • the information that a wireless communication device is to perform a data transaction is received from the wireless communication device.
  • communication device is verified with a node configured to manage user data subscriptions.
  • the data transaction of the wireless communication device is a goods payment transaction and the received information further comprises amount of the payment made.
  • the data transaction of the wireless communication device is a goods payment transaction and the received information further comprises currency in which the payment is made.
  • a computer program comprising computer-executable instructions for causing a node configured to expose service capabilities of a telecommunication network to applications to perform steps recited in the method of the first aspect when the computer- executable instructions are executed on a processing unit included in the node.
  • a computer program product comprising a computer readable medium, the computer readable medium having the computer program of the third aspect embodied thereon.
  • Figure l illustrates a prior art payment authentication process
  • Figure 2 shows a signaling diagram illustrating a method of performing a data transaction according to an embodiment.
  • Figure 3 illustrates data blocks being registered in a distributed ledger according to an embodiment
  • Figure 4 illustrates data blocks being registered in a distributed ledger according to another embodiment
  • Figure 5 illustrates a node configured to expose service capabilities of a telecommunication network to applications communicating with the network according to an embodiment
  • Figure 6 illustrates a node configured to expose service capabilities of a telecommunication network to applications communicating with the network according to another embodiment.
  • Figure l illustrates a prior art payment authentication process.
  • a customer to is an individual desiring to undertake a transaction with a seller n.
  • the customer to may hold a wireless communication device, such as a smart phone, a tablet, a smart watch etc., which authenticates the seller- initiated transaction using for instance the previously mentioned Swish application.
  • the wireless communication device will in the following be exemplified as a 3rd Generation Partnership Project (3GPP) compatible device, and will thus be referred to as a User Equipment (UE).
  • 3GPP 3rd Generation Partnership Project
  • the seller 11 initiates the transaction, and typically constitutes a retailer such as a store. For instance, the customer 10 may visit a seller 11 in the form of a furniture store where she buys a table and makes the payment for the table via her smart phone or by credit card.
  • the seller 11 also has a 3GPP cellular connection, and is hence also technically viewed upon as a UE from an operator perspective.
  • the UE and the seller 11 communicate over a cellular network operated by one or more Mobile Network Operators (MNOs).
  • MNOs Mobile Network Operators
  • One or more issuers 12 provide the customer 10 with a means for payment (either a physical credit card, or potentially a virtual token for use with a mobile device).
  • an acquirer 13 is involved (for instance a bank) providing a Point-of- Sale (PoS) terminal to the seller 11, and a payment network 14 (PN) is utilized for routing the customer 10 to the issuer 12.
  • a PN 14 provides electronic payment services to banking institutions and sellers. Examples of PNs are MasterCard, Visa, American Express, etc.
  • the process starts by the customer to performing a transaction with the seller n in step Slot using the PoS terminal provided to the seller n by the acquirer 13.
  • the customer 10 uses her credit card or UE, which e.g. may be capable of performing Near-Field Communication (NFC) payments, with the PoS terminal.
  • Information is read off the card or the UE (card ID and amount) and sent via the seller 11 (together with terminal ID and seller ID) to the acquirer 13 in step S102.
  • NFC Near-Field Communication
  • the acquirer 13 processes the transaction (by verifying that seller ID and PoS terminal ID are correct) and forwards the customer information - i.e. the card ID, amount and, optionally, a Personal
  • the issuing bank 12 would typically have provided the UE with an electronic token authenticating the UE to perform the transaction.
  • the card ID would be replaced with a corresponding token ID.
  • the issuer 12 thus verifies that the card ID and the optional PIN is correct, and checks whether there is coverage for the indicated amount of the transaction, in step S105.
  • the issuer 12 authenticating the payment (if not, the payment is declined).
  • the authentication decision is then relayed back to the seller 11 in steps S106-S108 via the PN 14 and the acquirer 13.
  • Figure 2 shows a signaling diagram illustrating a method of performing a data transaction according to an embodiment.
  • a so called distributed ledger is used, i.e. a database that is consensually shared and synchronized by each party in a network accessing the database, in order to authenticate payment of the UE.
  • each party replicates and saves an identical copy of the ledger.
  • Each participant node of the network updates itself independently; the ledger is not maintained by any central authority.
  • Blockchains are one example of distributed ledger technology.
  • Figure 2 shows a UE 20 engaging in a transaction with a seller 21 similar to what was described with reference to Figure 1.
  • TDB transaction database 22
  • FIG. 2 Further illustrated in Figure 2 are an issuer 23 and a Services Capability Exposure Function 24 (SCEF).
  • SCEF Services Capability Exposure Function
  • the Services Capabilities Exposure Function (SCEF) 24 is a key entity within the 3rd Generation Partnership Project (3GPP) architecture for service capability exposure. The functionality of the SCEF is described in detail in e.g. 3GPP specification TS 23.682.
  • Network Exposure Function (NEF) is the evolution of SCEF for fifth generation mobile networks (5G) and described in 3GPP specification TS 23.502. The text below uses SCEF entity as a departure point for further description, but the same principles apply to NEF entity.
  • MME Mobility Management Entity 25
  • HSS Home Subscriber Server 26
  • AMF Access and Mobility Function
  • UDM Unified Data Management
  • the application i.e. the seller 21
  • registers with the SCEF 24 for engaging in a payment notification service such that the seller 21 subsequently is capable of notifying the SCEF 24 when a UE engages in a new transaction.
  • FIG. 2 illustrates a Mobility Management Entity 25 (MME) responsible for e.g. idle mode UE tracking and paging procedures, and for authenticating the user by interacting with a Home Subscriber Server 26 (HSS) which contains user-related and subscriber-related information. It also provides support functions in mobility management, call and session setup, user authentication and access authorization.
  • MME Mobility Management Entity 25
  • HSS Home Subscriber Server 26
  • step S201 the issuer 23 registers a unique payment number with the TDB 22, which payment number identifies a customer to the issuer 23.
  • This identifier can be for example a payment card number of a debit/credit card assigned by the issuing bank 23 to the customer.
  • the payment number may be a unique identification number associated with an electronic token stored on the UE 20, which token enables the UE 20 to make a payment.
  • the payment number is a unique number used to identify a means of payment of a customer. That is, the payment number is effectively an identifier of a resource (i.e. the electronic token) issued by a party (i.e. the issuing bank) allowing the customer to perform the data transaction upon the presenting the resource to the seller 21h
  • a resource i.e. the electronic token
  • a party i.e. the issuing bank
  • the SCEF 24, the MME 25 and the HSS are typically operated by an MNO.
  • the issuer 23 further registers a unique private/juridical person identifier (PPI), which identifies an entity or party, i.e. an individual or a juridical person, associated with the payment number. This could be a national identity number in case of an individual or an organizational number in case of a juridical person.
  • PPI personal private/juridical person identifier
  • the issuer 23 may register the data of step S201 upon a customer applying for a new credit/debit card or an electronic token for performing mobile device payments.
  • step S202 the HSS 26 registers an identifier of the mobile device 20 with which the payment is to be performed, referred to in the following as a UE ID. Further, the HSS 26 registers the PPI with the TDB 22. The HSS 26 may register the data of step S202 upon a new mobile subscriber is being onboarded to the network. Now, when a transaction is to take place between a customer holding the UE 20 and the seller 21, as illustrated by the transaction trigger of step S203 (cf. sioi of Figure 1), the UE 20 will transmit a transaction request to the network.
  • the UE 20 cannot send its identifier UE ID directly to the seller 21, as this would facilitate for a malicious UE to impersonate another UE and thus purchase goods in the name of the other UE’s owner. Instead, the UE 20 communicates its identifier UE ID to the seller 21 via its MNO.
  • the UE 20 transmits a transaction request in step S204a to the MME 25, which comprises a location of the UE 20 for facilitating detection of fraud, the monetary amount of the goods being purchased in the transaction, and possibly the currency in which the payment is made.
  • the UE 20 and the seller 21 do not have to be physically co-located to initiate the transaction, but location can
  • the MME 25 will transmit the transaction request to the SCEF 24 in step S206, further adding the UE ID to the request (which possibly is
  • the UE 20 transmits the transaction request directly to the SCEF 24 in step S204I , again comprising a location of the UE 20, the monetary amount of the goods being purchased in the transaction, and possibly the currency in which the payment is made. Further, in this embodiment, the UE 20 includes the UE ID with the request. In this embodiment, the SCEF 24 may verify that the received UE ID is a correct identifier by checking with the HSS 26 in step S205I . The SCEF 24 will in its turn transmit the transaction request comprising the UE ID to the seller 21 in step S2o6a or S2o6b (which possibly also).
  • the seller 21 Upon receiving the transaction request in step S2o6a or S2o6b, the seller 21 acquires the PPI and the payment number from the TDB 22 by presenting the received UE ID in step S207.
  • the payment authentication process of Figure 1 continues with already-described steps S102-S108.
  • the seller 21 registers the new transaction with the TDB 22 in step S208 by providing the TDB 22 with the seller ID, the UE ID and the transaction amount.
  • SIM card or embedded SIM card
  • the proposed solution may advantageously be implemented on top of existing network infrastructure and any generation of mobile network (2G, 3G, 4G and 5G) using existing payment networks and existing authentication processes.
  • the distributed ledger of TDB 22 is implemented using blockchain technology.
  • the issuer 23 registers the new payment number in step S201 to the blockchain, relating it to a specific private/juridical person using PPI, while the HSS 26 registers the UE ID and the PPI to the blockchain in step S202.
  • the structure of the TDB 22 is a linked chain, with every new block being added pointing to its predecessor.
  • this may for instance be implemented utilizing three basic components in each block: a unique hash identifying the block, a pointer to the hash of the previous block as well as block data referred to as “transaction information” being adapted to the party with which each block is associated.
  • the seller 21, the issuer 23 and the MNO (and thus the individual functional entities SCEF 24, MME 25 and HSS 26) can all interact - and perform transactions - with the TDB 22.
  • Figure 3 illustrates to the left a data block of the issuer 23, in the middle a data block of the MNO (typically the HSS 26), and to the right a data block of the seller 21.
  • the issuer 23 registers Block K with the TDB 22 in step S201
  • the HSS 26 registers Block K+i with the TDB 22 in step S202
  • the seller 21 registers Block K+2 with the TDB 22 in step S208 after the payment authentication process is completed.
  • the data registered by the issuer 23 may further comprise an identifier of a particular type of transaction being performed, for instance registration of a new payment number or invalidation of an old payment number, and also an issuer ID using a format such as the ISO 9362 BIC (Bank Identifier Code).
  • the registering of data at the TDB 22 by the issuer 23 may occur periodically.
  • the registering of data at the TDB 22 by the MNO, or more particularly the HSS 26, may be initiated when a new mobile subscription is setup which typically occurs when a user purchases a new subscription, but also for all existing subscriptions when an MNO is onboarded. Also, this registration is performed when a subscription of an MNO is cancelled and/or invalidated or when a UE reattaches to the network of the MNO.
  • the identifier of the UE 20, i.e. the previously discussed UE ID, is in an embodiment the global unique temporary UE identity (GUTI), which is generated by the MME 25 and sent to the UE 20 upon attachment to the network.
  • GUI global unique temporary UE identity
  • the GUTI does not reveal the identity of the UE 20 or the user’s permanent identity, in contrast e.g. to using the unique UE identity
  • IMSI International Mobile Subscriber Identity
  • MAC media access control
  • an advantage of the invention is that changes in banks, MNOs, mobile devices, etc., only have a minor impact on the authentication process.
  • Figure 4 illustrates a minor change being made in the distributed ledger of the TDB 22.
  • a user changes bank from “Wessex Bank” to“National Bank of Greece”.
  • Block N registered with the TDB 22 indicates that that an account registered with Wessex Bank (“WESTGBAV”) is removed and that the customer is assigned payment number“4354498187969050” with the Wessex Bank.
  • WESTGBAV Wessex Bank
  • Block N+i registered by the issuer 23 with the TDB 22 indicates that that an account registered with National Bank of Greece (“ETHNGRAA”) is added and that the customer is assigned payment number“4037108198951238” with the new bank.
  • ETHNGRAA National Bank of Greece
  • FIG. 5 illustrates an SCEF 24 according to an embodiment.
  • the steps of the method performed by the SCEF 24 of enabling authentication of a data transaction according to embodiments are in practice performed by a processing unit 31 embodied in the form of one or more microprocessors arranged to execute a computer program 32 downloaded to a suitable storage volatile medium 33 associated with the microprocessor, such as a Random Access Memory (RAM), or a non-volatile storage medium such as a Flash memory or a hard disk drive.
  • the processing unit 31 is arranged to cause the SCEF 24 to carry out the method according to embodiments when the appropriate computer program 32 comprising computer-executable instructions is downloaded to the storage medium 33 and executed by the processing unit 31.
  • the storage medium 33 may also be a computer program product comprising the computer program 32.
  • the computer program 32 may be transferred to the storage medium 33 by means of a suitable computer program product, such as a Digital Versatile Disc (DVD) or a memory stick.
  • a suitable computer program product such as a Digital Versatile Disc (DVD) or a memory stick.
  • the computer program 32 may be downloaded to the storage medium 33 over a network.
  • the processing unit 31 may alternatively be embodied in the form of a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a complex programmable logic device (CPLD), etc.
  • FIG. 6 illustrates an SCEF 24 according to a further embodiment.
  • the SCEF 24 comprises receiving means 40 adapted to receive information that a wireless communication device is to perform a data transaction with one of a number of applications being register with the SCEF 24, said information comprising an identifier of the wireless communication device and an indication of a location of the wireless communication device, and
  • transmitting means 41 adapted to transmit the information to the application with which the data transaction is to be performed.
  • This enables the application to use the identifier of the wireless communication device to fetch, from a distributed ledger, a previously registered identifier of an entity associated with the data transaction and an identifier of a resource issued by a party allowing the entity to perform the data transaction upon the entity presenting the resource to said application, the identifier of the entity and the identifier of the resource having been associated in the distributed ledger with the identifier of the wireless communication device.
  • the means 40, 41 may comprise communication interface(s) for receiving and providing information, and further a local storage for storing data, and may (in analogy with that previously discussed) be implemented by a processor embodied in the form of one or more microprocessors arranged to execute a computer program downloaded to a suitable storage medium associated with the microprocessor, such as a RAM, a Flash memory or a hard disk drive.
  • a processor embodied in the form of one or more microprocessors arranged to execute a computer program downloaded to a suitable storage medium associated with the microprocessor, such as a RAM, a Flash memory or a hard disk drive.

Abstract

The invention relates to a method of enabling authentication of a data transaction in a communications network, and a device (24) performing the method. In an aspect, a method of a node (24) configured to expose service capabilities of a telecommunication network to applications communicating with the network of enabling authentication of a data transaction is provided. The method comprises receiving (S205a, S204b) information that a wireless communication device (20) is to perform a data transaction with one (21) of said applications, said information comprising an identifier of the wireless communication device (20) and an indication of a location of the wireless communication device (20), and transmitting (S206a, S206b) said information to the application (21) with which the data transaction is to be performed, wherein the application (21) is enabled to use the identifier of the wireless communication device (20) to fetch (S207), from a distributed ledger (22), a previously registered (S201, S202) identifier of an entity associated with the data transaction and an identifier of a resource issued by a party (23) allowing the entity to perform the data transaction upon the entity presenting the resource to said application (21), the identifier of the entity and the identifier of the resource (23) having been associated in the distributed ledger (22) with the identifier of the wireless communication device (20).

Description

AUTHENTICATION OF DATA TRANSACTIONS TECHNICAL FIELD
The invention relates to a method of enabling authentication of a data transaction in a communications network, and a device performing the method.
BACKGROUND
In existing state of the art for data transactions, it is oftentimes important that a chain of trust can be established in order authenticate parties being involved in the data transaction.
For example, in mobile payment systems, all financial transactions are secured and verified by over-the-top cloud servers. Hence, the entity verifying and securing these transactions is not the mobile operator or the bank institution that the owner of the mobile device is using.
For example, so-called“mobile wallet” systems such as Apple Pay, Google Wallet and Softcard all authenticate and secure transactions with private servers. An innovative service in Scandinavia known as Mobile Bank ID replaces security token generators with mobile phones, where bank generated certificates are stored on a device running a mobile ID application or directly on Subscriber Identity Module (SIM) cards, and users can identify themselves with a mobile application. This has opened up a new array of services, including Swish which can be used for mobile payments. However, Mobile Bank ID also requires some sort of application and internet access, in order to authenticate against a server and is also a limited ecosystem comprising only Scandinavian banks and operators.
There are several issues with these solutions:
Centralized solution and ecosystem lock-in. It is inherently difficult to scale beyond a closed ecosystem of banks, operators and mobile devices. When changing mobile phone device type (e.g. from Android to iOS), or phone number, or switching to a new bank a re-configuration is required. Expensive hardware and requirement for Internet connectivity. Even in systems such as Apple pay and Google wallet, authorization is done over the top and requires users to authenticate utilizing their credentials. Such payment solutions require expensive devices (e.g. equipped with special sensors) and continuous network connectivity in order to work. Such systems are likely to be unpopular in developing countries.
SUMMARY
An object of the present invention is to solve, or at least mitigate, one or more of above-mentioned problems in the art and thus to provide an improved method of authenticating data transactions in a communications network.
This object is attained in a first aspect of the invention by a method of a node configured to expose service capabilities of a telecommunication network to applications communicating with the network of enabling authentication of a data transaction. The method comprises receiving information that a wireless communication device is to perform a data transaction with one of said applications, said information comprising an identifier of the wireless communication device and an indication of a location of the wireless communication device, and transmitting said information to the application with which the data transaction is to be performed, wherein the application is enabled to use the identifier of the wireless communication device to fetch, from a distributed ledger, a previously registered identifier of an entity associated with the data transaction and an identifier of a resource issued by a party allowing the entity to perform the data transaction upon the entity presenting the resource to said application, the identifier of the entity and the identifier of the resource having been associated in the distributed ledger with the identifier of the wireless communication device.
This object is attained in a second aspect of the invention by a node configured to expose service capabilities of a telecommunication network to applications communicating with the network, the node further being configured to enable authentication of a data transaction and comprising a processing unit and a memory, said memory containing instructions executable by said processing unit, whereby the node is operative to receive information that a wireless communication device is to perform a data transaction with one of said applications, said information comprising an identifier of the wireless communication device and an indication of a location of the wireless communication device, and to transmit said information to the application with which the data transaction is to be performed, wherein the application is enabled to use the identifier of the wireless communication device to fetch, from a distributed ledger, a previously registered identifier of an entity associated with the data transaction and an identifier of a resource issued by a party allowing the entity to perform the data transaction upon the entity presenting the resource to said application, the identifier of the entity and the identifier of the resource having been associated in the distributed ledger with the identifier of the wireless communication device.
Hence, before a data transaction occurring, for instance between a wireless communication device and a merchant, data is registered in a distributed ledger. In an embodiment, the distributed ledger is implemented using blockchain technology.
An issuer, such as a bank, registers a unique payment number with the ledger, which payment number identifies a customer to the issuer. This identifier can be for example a unique identification number associated with an electronic token stored on the wireless communication device, which token enables the wireless communication device to make a payment with the merchant.
In other words, the payment number is a unique number used to identify a means of payment of a customer. That is, the payment number is effectively an identifier of a resource (i.e. the electronic token) issued by a party (i.e. the issuing bank) allowing the customer to perform the data transaction upon the presenting the resource to the merchant. The issuer further registers a unique private/juridical person identifier, which identifies an entity or party, i.e. an individual or a juridical person, associated with the payment number. This could be a national identity number in case of an individual or an organizational number in case of a juridical person.
A node such as e.g. a Home Subscriber Server (HSS) registers an identifier of the wireless communication device with which the payment is to be performed in the ledger. Further, the HSS registers the unique
private/juridical person identifier in the ledger.
When a transaction is to take place between a customer holding the wireless communication device and the merchant, the wireless communication device will transmit a transaction request to the network, which ultimately will be received for instance by a Services Capability Exposure Function (SCEF).
When the SCEF receives the transaction request, the request comprises an identifier of the wireless communication device and a location of the wireless communication device (and possibly monetary amount of the goods being purchased in the transaction). The SCEF transmits the transaction request the merchant.
Upon receiving the transaction request, the merchant acquires the unique private/juridical person identifier and the payment number from the distributed ledger using the identifier of the wireless communication device.
Thereafter, a payment authentication process can be completed and the merchant registers the new transaction with the ledger by providing the ledger 22 with an identifier of the merchant, the identifier of the wireless communication device (and possibly the transaction amount).
Advantageously, a decentralized solution is proposed which works across existing operators and payment networks without need to setup service from the beginning every time a user changes operator or bank or mobile device. In an embodiment, the information that a wireless communication device is to perform a data transaction is received from a node configured to manage mobility of the wireless communication device.
In an embodiment, the information that a wireless communication device is to perform a data transaction is received from the wireless communication device.
In an embodiment, correctness of the identifier of the wireless
communication device is verified with a node configured to manage user data subscriptions.
In an embodiment, the data transaction of the wireless communication device is a goods payment transaction and the received information further comprises amount of the payment made.
In an embodiment, the data transaction of the wireless communication device is a goods payment transaction and the received information further comprises currency in which the payment is made.
Ina third aspect of the invention, a computer program is provided comprising computer-executable instructions for causing a node configured to expose service capabilities of a telecommunication network to applications to perform steps recited in the method of the first aspect when the computer- executable instructions are executed on a processing unit included in the node.
In a fourth aspect of the invention, a computer program product is provided comprising a computer readable medium, the computer readable medium having the computer program of the third aspect embodied thereon.
Further embodiments of the invention will be described in the following. Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the element, apparatus, component, means, step, etc." are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is now described, by way of example, with reference to the accompanying drawings, in which:
Figure l illustrates a prior art payment authentication process;
Figure 2 shows a signaling diagram illustrating a method of performing a data transaction according to an embodiment.
Figure 3 illustrates data blocks being registered in a distributed ledger according to an embodiment;
Figure 4 illustrates data blocks being registered in a distributed ledger according to another embodiment;
Figure 5 illustrates a node configured to expose service capabilities of a telecommunication network to applications communicating with the network according to an embodiment; and
Figure 6 illustrates a node configured to expose service capabilities of a telecommunication network to applications communicating with the network according to another embodiment.
DETAILED DESCRIPTION
The invention will now be described more fully hereinafter with reference to the accompanying drawings, in which certain embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided by way of example so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Like numbers refer to like elements throughout the description.
Figure l illustrates a prior art payment authentication process.
The parties engaging in the payment authentication process will be briefly described in the following.
A customer to is an individual desiring to undertake a transaction with a seller n. The customer to may hold a wireless communication device, such as a smart phone, a tablet, a smart watch etc., which authenticates the seller- initiated transaction using for instance the previously mentioned Swish application. The wireless communication device will in the following be exemplified as a 3rd Generation Partnership Project (3GPP) compatible device, and will thus be referred to as a User Equipment (UE).
The seller 11 initiates the transaction, and typically constitutes a retailer such as a store. For instance, the customer 10 may visit a seller 11 in the form of a furniture store where she buys a table and makes the payment for the table via her smart phone or by credit card. The seller 11 also has a 3GPP cellular connection, and is hence also technically viewed upon as a UE from an operator perspective. The UE and the seller 11 communicate over a cellular network operated by one or more Mobile Network Operators (MNOs).
One or more issuers 12 (for example an institution such as a bank) provide the customer 10 with a means for payment (either a physical credit card, or potentially a virtual token for use with a mobile device).
Further, an acquirer 13 is involved (for instance a bank) providing a Point-of- Sale (PoS) terminal to the seller 11, and a payment network 14 (PN) is utilized for routing the customer 10 to the issuer 12. A PN 14 provides electronic payment services to banking institutions and sellers. Examples of PNs are MasterCard, Visa, American Express, etc. The process starts by the customer to performing a transaction with the seller n in step Slot using the PoS terminal provided to the seller n by the acquirer 13. The customer 10 uses her credit card or UE, which e.g. may be capable of performing Near-Field Communication (NFC) payments, with the PoS terminal. Information is read off the card or the UE (card ID and amount) and sent via the seller 11 (together with terminal ID and seller ID) to the acquirer 13 in step S102.
Subsequently, the acquirer 13 processes the transaction (by verifying that seller ID and PoS terminal ID are correct) and forwards the customer information - i.e. the card ID, amount and, optionally, a Personal
Identification Number (PIN) code - to the PN 14 in step S103 in case of successful verification, which subsequently routes the customer information to the issuing bank 12 in step S104.
As previously mentioned, in case the customer 10 uses her UE to perform the transaction, the issuing bank 12 would typically have provided the UE with an electronic token authenticating the UE to perform the transaction. In such a case, the card ID would be replaced with a corresponding token ID.
The issuer 12 thus verifies that the card ID and the optional PIN is correct, and checks whether there is coverage for the indicated amount of the transaction, in step S105.
If so, the issuer 12 authenticating the payment (if not, the payment is declined). The authentication decision is then relayed back to the seller 11 in steps S106-S108 via the PN 14 and the acquirer 13.
Figure 2 shows a signaling diagram illustrating a method of performing a data transaction according to an embodiment.
To overcome previously mentioned issues in the art related to mobile payment systems, a so called distributed ledger is used, i.e. a database that is consensually shared and synchronized by each party in a network accessing the database, in order to authenticate payment of the UE. In a distributed ledger, each party replicates and saves an identical copy of the ledger. Each participant node of the network updates itself independently; the ledger is not maintained by any central authority. Blockchains are one example of distributed ledger technology.
Figure 2 shows a UE 20 engaging in a transaction with a seller 21 similar to what was described with reference to Figure 1.
However, before the transaction can commence, data is registered in the distributed ledger which is embodied in Figure 2 by a database referred to as a transaction database 22 (TDB).
Further illustrated in Figure 2 are an issuer 23 and a Services Capability Exposure Function 24 (SCEF).
Service exposure is a key function that provides a means to securely expose the services and capabilities provided by 3GPP network interfaces. The Services Capabilities Exposure Function (SCEF) 24 is a key entity within the 3rd Generation Partnership Project (3GPP) architecture for service capability exposure. The functionality of the SCEF is described in detail in e.g. 3GPP specification TS 23.682. Network Exposure Function (NEF) is the evolution of SCEF for fifth generation mobile networks (5G) and described in 3GPP specification TS 23.502. The text below uses SCEF entity as a departure point for further description, but the same principles apply to NEF entity. In case of NEF, Mobility Management Entity 25 (MME) and Home Subscriber Server 26 (HSS) entities are replaced by Access and Mobility Function (AMF) and Unified Data Management (UDM) entities, respectively.
Even though not shown in Figure 2, before any transaction will take place, the application (i.e. the seller 21) registers with the SCEF 24 for engaging in a payment notification service, such that the seller 21 subsequently is capable of notifying the SCEF 24 when a UE engages in a new transaction.
Moreover, Figure 2 illustrates a Mobility Management Entity 25 (MME) responsible for e.g. idle mode UE tracking and paging procedures, and for authenticating the user by interacting with a Home Subscriber Server 26 (HSS) which contains user-related and subscriber-related information. It also provides support functions in mobility management, call and session setup, user authentication and access authorization.
Now, in step S201, the issuer 23 registers a unique payment number with the TDB 22, which payment number identifies a customer to the issuer 23. This identifier can be for example a payment card number of a debit/credit card assigned by the issuing bank 23 to the customer. In case of mobile device payments, the payment number may be a unique identification number associated with an electronic token stored on the UE 20, which token enables the UE 20 to make a payment.
In other words, the payment number is a unique number used to identify a means of payment of a customer. That is, the payment number is effectively an identifier of a resource (i.e. the electronic token) issued by a party (i.e. the issuing bank) allowing the customer to perform the data transaction upon the presenting the resource to the seller 21h
As illustrated in Figure 2, the SCEF 24, the MME 25 and the HSS are typically operated by an MNO.
The issuer 23 further registers a unique private/juridical person identifier (PPI), which identifies an entity or party, i.e. an individual or a juridical person, associated with the payment number. This could be a national identity number in case of an individual or an organizational number in case of a juridical person. The issuer 23 may register the data of step S201 upon a customer applying for a new credit/debit card or an electronic token for performing mobile device payments.
In step S202, the HSS 26 registers an identifier of the mobile device 20 with which the payment is to be performed, referred to in the following as a UE ID. Further, the HSS 26 registers the PPI with the TDB 22. The HSS 26 may register the data of step S202 upon a new mobile subscriber is being onboarded to the network. Now, when a transaction is to take place between a customer holding the UE 20 and the seller 21, as illustrated by the transaction trigger of step S203 (cf. sioi of Figure 1), the UE 20 will transmit a transaction request to the network.
It should be noted that for security reasons, the UE 20 cannot send its identifier UE ID directly to the seller 21, as this would facilitate for a malicious UE to impersonate another UE and thus purchase goods in the name of the other UE’s owner. Instead, the UE 20 communicates its identifier UE ID to the seller 21 via its MNO.
A number of variants of transmitting the transaction request may be envisaged. In a first embodiment, the UE 20 transmits a transaction request in step S204a to the MME 25, which comprises a location of the UE 20 for facilitating detection of fraud, the monetary amount of the goods being purchased in the transaction, and possibly the currency in which the payment is made.
As for the location of the UE 20; the UE 20 and the seller 21 do not have to be physically co-located to initiate the transaction, but location can
advantageously be used to detect fraud, e.g. if transactions are initiated by a UE from two geographically distant locations in a short time window.
The MME 25 will transmit the transaction request to the SCEF 24 in step S206, further adding the UE ID to the request (which possibly is
acknowledged by the SCEF 24).
In a second embodiment, the UE 20 transmits the transaction request directly to the SCEF 24 in step S204I , again comprising a location of the UE 20, the monetary amount of the goods being purchased in the transaction, and possibly the currency in which the payment is made. Further, in this embodiment, the UE 20 includes the UE ID with the request. In this embodiment, the SCEF 24 may verify that the received UE ID is a correct identifier by checking with the HSS 26 in step S205I . The SCEF 24 will in its turn transmit the transaction request comprising the UE ID to the seller 21 in step S2o6a or S2o6b (which possibly also
acknowledges receipt of the transaction request).
Upon receiving the transaction request in step S2o6a or S2o6b, the seller 21 acquires the PPI and the payment number from the TDB 22 by presenting the received UE ID in step S207.
Thereafter, the payment authentication process of Figure 1 continues with already-described steps S102-S108. When the payment authentication process of Figure 1 is completed after step sio8 has been undertaken, the seller 21 registers the new transaction with the TDB 22 in step S208 by providing the TDB 22 with the seller ID, the UE ID and the transaction amount.
Advantageously, with the embodiments described with reference to Figure 2, a decentralized solution is proposed which works across existing operators and payment networks without need to setup service from the beginning every time a user changes operator or bank or mobile device.
Further, this solution can be used across mobile devices with no need to install everything from scratch; it can be envisaged that a SIM card (or embedded SIM card) is inserted in the UE 20 comprising the electronic token required to perform a transaction.
Moreover, the proposed solution may advantageously be implemented on top of existing network infrastructure and any generation of mobile network (2G, 3G, 4G and 5G) using existing payment networks and existing authentication processes.
In an embodiment, the distributed ledger of TDB 22 is implemented using blockchain technology.
Again with reference to Figure 2, the issuer 23 registers the new payment number in step S201 to the blockchain, relating it to a specific private/juridical person using PPI, while the HSS 26 registers the UE ID and the PPI to the blockchain in step S202.
In case of using blockchain technology, the structure of the TDB 22 is a linked chain, with every new block being added pointing to its predecessor.
With reference to Figure 3, this may for instance be implemented utilizing three basic components in each block: a unique hash identifying the block, a pointer to the hash of the previous block as well as block data referred to as “transaction information” being adapted to the party with which each block is associated. The seller 21, the issuer 23 and the MNO (and thus the individual functional entities SCEF 24, MME 25 and HSS 26) can all interact - and perform transactions - with the TDB 22.
Figure 3 illustrates to the left a data block of the issuer 23, in the middle a data block of the MNO (typically the HSS 26), and to the right a data block of the seller 21.
In line with what previously has been described, it is thus envisaged that the issuer 23 registers Block K with the TDB 22 in step S201, the HSS 26 registers Block K+i with the TDB 22 in step S202, and the seller 21 registers Block K+2 with the TDB 22 in step S208 after the payment authentication process is completed.
It is noted that the blockchain structure of Figure 3 should be seen as exemplifying only, and that any other appropriate methodology for implementing a distributed ledger may be envisaged.
With reference again to Figure 3, in addition to what previously has been discussed, the data registered by the issuer 23 may further comprise an identifier of a particular type of transaction being performed, for instance registration of a new payment number or invalidation of an old payment number, and also an issuer ID using a format such as the ISO 9362 BIC (Bank Identifier Code). The registering of data at the TDB 22 by the issuer 23 may occur periodically. The registering of data at the TDB 22 by the MNO, or more particularly the HSS 26, may be initiated when a new mobile subscription is setup which typically occurs when a user purchases a new subscription, but also for all existing subscriptions when an MNO is onboarded. Also, this registration is performed when a subscription of an MNO is cancelled and/or invalidated or when a UE reattaches to the network of the MNO.
The identifier of the UE 20, i.e. the previously discussed UE ID, is in an embodiment the global unique temporary UE identity (GUTI), which is generated by the MME 25 and sent to the UE 20 upon attachment to the network. Advantageously, the GUTI does not reveal the identity of the UE 20 or the user’s permanent identity, in contrast e.g. to using the unique
International Mobile Subscriber Identity (IMSI). Alternatively, another unique UE identifier can be a media access control (MAC) address of a UE.
As has been mentioned, an advantage of the invention is that changes in banks, MNOs, mobile devices, etc., only have a minor impact on the authentication process.
Figure 4 illustrates a minor change being made in the distributed ledger of the TDB 22. In this example, it is assumed that a user changes bank from “Wessex Bank” to“National Bank of Greece”.
Thus, Block N registered with the TDB 22 indicates that that an account registered with Wessex Bank (“WESTGBAV”) is removed and that the customer is assigned payment number“4354498187969050” with the Wessex Bank.
Subsequent Block N+i registered by the issuer 23 with the TDB 22 (and pointing to Block N) indicates that that an account registered with National Bank of Greece (“ETHNGRAA”) is added and that the customer is assigned payment number“4037108198951238” with the new bank.
Figure 5 illustrates an SCEF 24 according to an embodiment. The steps of the method performed by the SCEF 24 of enabling authentication of a data transaction according to embodiments are in practice performed by a processing unit 31 embodied in the form of one or more microprocessors arranged to execute a computer program 32 downloaded to a suitable storage volatile medium 33 associated with the microprocessor, such as a Random Access Memory (RAM), or a non-volatile storage medium such as a Flash memory or a hard disk drive. The processing unit 31 is arranged to cause the SCEF 24 to carry out the method according to embodiments when the appropriate computer program 32 comprising computer-executable instructions is downloaded to the storage medium 33 and executed by the processing unit 31. The storage medium 33 may also be a computer program product comprising the computer program 32. Alternatively, the computer program 32 may be transferred to the storage medium 33 by means of a suitable computer program product, such as a Digital Versatile Disc (DVD) or a memory stick. As a further alternative, the computer program 32 may be downloaded to the storage medium 33 over a network. The processing unit 31 may alternatively be embodied in the form of a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a complex programmable logic device (CPLD), etc.
Figure 6 illustrates an SCEF 24 according to a further embodiment. The SCEF 24 comprises receiving means 40 adapted to receive information that a wireless communication device is to perform a data transaction with one of a number of applications being register with the SCEF 24, said information comprising an identifier of the wireless communication device and an indication of a location of the wireless communication device, and
transmitting means 41 adapted to transmit the information to the application with which the data transaction is to be performed. This enables the application to use the identifier of the wireless communication device to fetch, from a distributed ledger, a previously registered identifier of an entity associated with the data transaction and an identifier of a resource issued by a party allowing the entity to perform the data transaction upon the entity presenting the resource to said application, the identifier of the entity and the identifier of the resource having been associated in the distributed ledger with the identifier of the wireless communication device.
The means 40, 41 may comprise communication interface(s) for receiving and providing information, and further a local storage for storing data, and may (in analogy with that previously discussed) be implemented by a processor embodied in the form of one or more microprocessors arranged to execute a computer program downloaded to a suitable storage medium associated with the microprocessor, such as a RAM, a Flash memory or a hard disk drive.
The invention has mainly been described above with reference to a few embodiments. However, as is readily appreciated by a person skilled in the art, other embodiments than the ones disclosed above are equally possible within the scope of the invention, as defined by the appended patent claims.

Claims

1. A method of a node (24) configured to expose service capabilities of a telecommunication network to applications communicating with the network of enabling authentication of a data transaction, comprising:
receiving (8205a, S204b) information that a wireless communication device (20) is to perform a data transaction with one (21) of said applications, said information comprising an identifier of the wireless communication device (20) and an indication of a location of the wireless communication device (20);
transmitting (S2o6a, S2o6b) said information to the application (21) with which the data transaction is to be performed;
wherein the application (21) is enabled to use the identifier of the wireless communication device (20) to fetch (S207), from a distributed ledger (22), a previously registered (S201, S202) identifier of an entity associated with the data transaction and an identifier of a resource issued by a party (23) allowing the entity to perform the data transaction upon the entity presenting the resource to said application (21), the identifier of the entity and the identifier of the resource (23) having been associated in the distributed ledger (22) with the identifier of the wireless communication device (20).
2. The method of claim 1, the identifier of an entity associated with the data transaction being an identifier of an individual associated with the data transaction.
3. The method of claim 1, the identifier of an entity associated with the data transaction being an identifier of a juridical person associated with the data transaction.
4. The method of any one of the preceding claims, the information that a wireless communication device (20) is to perform a data transaction being received from a node (25) configured to manage mobility of the wireless communication device (20).
5. The method of any one claims 1-3, the information that a wireless communication device (20) is to perform a data transaction being received from the wireless communication device (20).
6. The method of claim 5, wherein correctness of the identifier of the wireless communication device (20) is verified (8205b) with a node (26) configured to manage user data subscriptions.
7. The method of any one of the preceding claims, wherein the data transaction of the wireless communication device (20) is a goods payment transaction and the received information further comprises amount of the payment made.
8. The method of claim 7, wherein the data transaction of the wireless communication device (20) is a goods payment transaction and the received information further comprises currency in which the payment is made.
9. A node (24) configured to expose service capabilities of a
telecommunication network to applications communicating with the network, the node (24) further being configured to enable authentication of a data transaction and comprising a processing unit (31) and a memory (33), said memory containing instructions (32) executable by said processing unit, whereby the node (24) is operative to:
receive information that a wireless communication device (20) is to perform a data transaction with one (21) of said applications, said
information comprising an identifier of the wireless communication device (20) and an indication of a location of the wireless communication device (20);
transmit said information to the application (21) with which the data transaction is to be performed;
wherein the application (21) is enabled to use the identifier of the wireless communication device (20) to fetch (S207), from a distributed ledger (22), a previously registered (S201, S202) identifier of an entity associated with the data transaction and an identifier of a resource issued by a party (23) allowing the entity to perform the data transaction upon the entity presenting the resource to said application (21), the identifier of the entity and the identifier of the resource (23) having been associated in the distributed ledger (22) with the identifier of the wireless communication device (20).
10. The node (24) of claim 9, the identifier of an entity associated with the data transaction being an identifier of an individual associated with the data transaction.
11. The node (24) of claims 9 or 10, the identifier of an entity associated with the data transaction being an identifier of a juridical person associated with the data transaction.
12. The node (24) of any one of claims 9-11, further being operative to receive the information that a wireless communication device (20) is to perform a data transaction from a node (25) configured to manage mobility of the wireless communication device (20).
13. The node (24) of any one claims 9-12, further being operative to receive the information that a wireless communication device (20) is to perform a data transaction from the wireless communication device (20).
14. The node (24) of claim 13, further being operative to verify correctness of the identifier of the wireless communication device (20) with a node (26) configured to manage user data subscriptions.
15. The node (24) of any one of claims 9-14, wherein the data transaction of the wireless communication device (20) is a goods payment transaction and the received information further comprises amount of the payment made.
16. The node (24) of claim 15, wherein the data transaction of the wireless communication device (20) is a goods payment transaction and the received information further comprises currency in which the payment is made.
17. The node (24) of any one of claims 9-16, which node (24) is a Services Capability Exposure Function, SCEF, or a Network Exposure Function, NEF.
18. A computer program (32) comprising computer-executable instructions for causing a node (24) configured to expose service capabilities of a telecommunication network to applications communicating with the network to perform steps recited in any one of claims 1-8 when the computer- executable instructions are executed on a processing unit (31) included in the node (24).
19. A computer program product comprising a computer readable medium (33), the computer readable medium having the computer program (32) according to claim 18 embodied thereon.
PCT/EP2018/077351 2018-10-08 2018-10-08 Authentication of data transactions WO2020074060A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2018/077351 WO2020074060A1 (en) 2018-10-08 2018-10-08 Authentication of data transactions

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2018/077351 WO2020074060A1 (en) 2018-10-08 2018-10-08 Authentication of data transactions

Publications (1)

Publication Number Publication Date
WO2020074060A1 true WO2020074060A1 (en) 2020-04-16

Family

ID=63794514

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/077351 WO2020074060A1 (en) 2018-10-08 2018-10-08 Authentication of data transactions

Country Status (1)

Country Link
WO (1) WO2020074060A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170243208A1 (en) * 2016-02-22 2017-08-24 Bank Of America Corporation System for control of device identity and usage in a process data network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170243208A1 (en) * 2016-02-22 2017-08-24 Bank Of America Corporation System for control of device identity and usage in a process data network

Similar Documents

Publication Publication Date Title
US10922675B2 (en) Remote transaction system, method and point of sale terminal
Wang et al. Mobile payment security, threats, and challenges
JP6257582B2 (en) Transaction authentication between mobile communication devices and terminals using location data
US20140358777A1 (en) Method for secure atm transactions using a portable device
US9984371B2 (en) Payment de-tokenization with risk evaluation for secure transactions
US9384479B2 (en) Mobile phone takeover protection system and method
JP2019145141A (en) System and method for initially establishing and periodically confirming trust in software application
US10475020B2 (en) Mobile device roaming status subscription
US20160307186A1 (en) Verification of contactless payment card for provisioning of payment credentials to mobile device
US8825532B1 (en) Payment system and method using a mobile telephone network for charging and settlement
AU2012265824B2 (en) A transaction system and method for use with a mobile device
US20200111082A1 (en) Digital property remittance via telephone numbers through telecom carriers
KR102574524B1 (en) Remote transaction system, method and point of sale terminal
Pourghomi et al. A secure cloud-based NFC mobile payment protocol
TW200409521A (en) Authentication and identification system and transactions using such an authentication and identification system
Crowe et al. Mobile Phone Technology:“Smarter” Than We Thought
WO2013140196A1 (en) A system for electronic payments with privacy enhancement via trusted third parties
MX2012010196A (en) Method and system for performing a transaction.
JP2011044151A (en) Method and system for safe payment by portable terminal
Neeharika et al. A Novel Interoperable Mobile Wallet Model with Capability Based Access Control Framework
Neville et al. Efficiently achieving full three-way non-repudiation in consumer-level ecommerce and M-Commerce transactions
WO2020074060A1 (en) Authentication of data transactions
US20150363766A1 (en) Transaction management
RU2696953C1 (en) Method of using unique number of mobile telephone subscriber for payments using payment systems
Alsadi et al. Challenges and Risks of Developing a Payment Facilitator Model

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18783008

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18783008

Country of ref document: EP

Kind code of ref document: A1