DE10133884A1 - Executing cashless card transaction carries out admissibility test on card identification and engages in protocol with dealer station and mobile telephone - Google Patents

Abstract

Identification of the SIM card is read into the dealer station and transmitted to the comparator. A push enquiry is stacked on a push initiator (6), with no prior or simultaneous enquiry by the mobile radio telephone (2). The comparator itself has, or functions as, a push-initiator. The push-initiator produces a push-signal (12) with header (13) and body (14). Using push-access-protocol (PAP), it transmits it (12) to a push-proxy-gateway (9) via a connection. The push-signal is tested for admissibility in accordance with gateway requirements and the push-initiator requirements are tested. Should inadmissibility arise, the procedure is terminated and a corresponding response is transmitted to the dealer station. Otherwise, preparation, and if appropriate re-formatting of the push signal for wireless transmission, are effected. The push signal is transmitted using push-over-the-air-protocol, to the mobile phone (2), by formation or use of a WAP-push-session, the phone being suitably implemented. The push-signal is a WAP-service-indication-signal (18), comprising text and a link (17). On tracking of the link by the mobile phone (2) a WAP-pull-session is constituted over the WAP-gateway. Data is issued through the mobile phone and confirmation information is ascertained through it. An Independent claim is included for the corresponding system.

Description

The invention relates to a method and a system for Processing cashless payments, for example, but not only in e- / m-commerce.

Similar to the classic mail order business with purchases on the Internet or via mobile phone, usually via Credit card, paid by direct debit or cash on delivery. Especially when paying by credit card, where the Credit card number and expiry date will be given and must be transmitted online Reservations on the part of the user, since the transmission of the data often done via unsecured connections, so the Data can be easily spied on by unauthorized persons. This also applies to the transmission of account details, for example by email.

Another, already known possibility, for example in Paying online shops is the so-called "mobile payment". Here, the customer gives payment for his goods in one Online shop its user identification (MSISDN = Mobile Station International Subscriber Device Number) or an alias a, with some procedures also a personal one Identification number (PIN) is requested, then is the purchase amount is withdrawn via the mobile phone bill, in other cases, billing takes place via the affiliated credit institution. The mobile phone is in this Used cases, the payment process on the part of the customer or To confirm the user again, the procedure here is like follows:

The customer orders goods in an online shop. Whose Server contacts a so-called payment server. This accepts corresponding payment requests, checks the customer data, transmits the payment process to Billing system and confirms that successfully completed payment process to the server of the online shop. in the As part of the processing, the payment server checks whether the Online shop is entitled to an inquiry. Subsequently the payment server tries the customer on his Mobile phone to reach a confirmation of the initiated Receive payment process. Here, for. B. an IVR (Interactive Voice Response) are used. Has the Customers via a WAP-compatible mobile phone (wireless Application Protocol), it is possible to change it through the Internet online store requesting a specific URL (uniform Resource Locator = Internet address) with his Call the mobile phone to confirm the payment process. It's like that the confirmation from the customer before, the payment = Server the billing-relevant data to the Billing system, which is that of the mobile network operator or of a bank that the customer can trade with corresponding account maintains. After all, it has that too Billing system confirms the payment process, the online Shop informed accordingly, and delivery of the Goods caused.

Furthermore, DE-OS 199 03 822 is already a process known, in which at a dealer station an amount of money read in, together with an identifier of the dealer station a matching device is transmitted where the data be cached. The sends via a mobile phone Pay the identifier of the dealer station to the Matching device that the identifier with that of the stored data compares and the corresponding amount of money to the Cellular phone transmitted. There will be a confirmation of the Payment requested and transmitted to the matching facility who make a corresponding booking to an account holder Facility submitted.

The disadvantage of this already known solution is that this is costly, prone to failure and not very flexible.

The object of the invention is therefore to provide a method for simple, convenient, inexpensive and not prone to errors To make payments using a mobile phone.

This object is achieved according to the invention by a method having the features of claim 1, having a system with the features of claim 4 can be solved.

For verification and confirmation of the purchase or the According to the invention, payment by the customer is the so-called WAP push technology used. To the verification loop Initially, it is also necessary to initiate the SIM ID (MSISDN) or an alias in the dealer station read in and transmitted to the adjustment device, since the Otherwise, the cell phone cannot be addressed.

With this type of access "WAP push" the mobile phone Data sent without the user immediately previously requested with a corresponding request. Cellular phones usually request over one Corresponding connection computer to the Internet (WAP gateway) content and services from various these content and services offered servers. Such a WAP gateway acts as so-called proxy server for customer requirements and translated these WAP requests into Internet-enabled HTTP requests (Hypertext Transfer Protocol) to the server. Subsequently the WAP gateway translates the server's responses into reverse direction from HTTP to WAP and thus delivers the requested content to the cellular phone.

With the new access type "WAP-Push", the Mobile phone can already be delivered a WAP content without a corresponding WAP request has been made beforehand. This Delivery is carried out by a so-called push initiator (PI) triggered, which can be part of the content server. The actual delivery of the content to the mobile phone takes over a push proxy gateway (PPG), which the from Push initiator (PI) saves and delivers content created. Also this converts HTTP to WAP. To one triggering the mobile payment process works Payment server as push initiator (PI) and sends a push request to the push proxy gateway. This generates a Push message that is sent to the mobile phone. at this message is a WAP service indication Message. It consists of a text and a link to one WAP side, this means that on this WAP side newer Content is available for the user to view, by following this link, and can do something like this appearance:

"You have a purchase of EURO XX for online shipping XY. YY made and indicated that you are using mobile payment want to pay. If this is correct, follow this Link."

If the user follows the link as specified, builds it Mobile phone open a WAP session. Act at this WAP session is a WAP pull session, which in turn is via the WAP Gateway is established. For the user, a WML Page (wireless markup language) on the mobile phone Display showing the payment amount and the recipient (e.g. online shop). Does the user want the Confirm payment process, this presses a corresponding one Confirmation button, and the verification is successful completed.

Then the corresponding data to the known Billing system transmitted, from there comes one Confirmation and another confirmation of the completion of the Payment process is transmitted to the online shop server. Verification and is essential to the new process Confirmation of purchase or payment by the user via WAP push. The MSISDN (Mobile Station International Subcribers Device Number), which the user when paying in Online stores indicating is well known: it is the Mobile phone number. So this number could be without Difficulties even from unauthorized persons Execution of payment transactions on third-party account can be specified. So there must be confirmation from the user be queried, which only he can make personally.

This is made possible by the WAP push method according to the invention realized. The user gets the payment message on Mobile phone, he only has to follow the link given, taking this immediately after receiving the message, but also to any later time that seems suitable to him can. As the message goes exactly to the mobile phone number that were specified when paying, are one Confusion or misuse excluded.

Compared to the use of Interactive voice response systems, the inventive method is more convenient, simple, less prone to errors and less expensive. The message is promptly transmitted to the user, he can follow the link, whenever he wants. When using a Interactive voice response systems can only react immediately.

The WAP push method is also less prone to errors, it points out background noise and incorrect pronunciation no problems as it is a text based system is.

Most of all offer both the sending of the WAP push messages, as well as the confirmation in the subsequent WAP pull Session the possibility of encryption, for example via the WTLS encryption process (Wireless Transaction Security layer). This is also a significant advantage versus interactive voice response systems that don't can be encrypted.

Is the packet-oriented GPRS for the WAP pull session Service used as a carrier is the cost of the Total payment process is low because only a few data are transmitted Need to become. When using GPRS (General Paket Radio Service) will not be the length of time during which Data connection is kept, calculated, but only the amount of transmitted data. In contrast, the processing takes time of an interactive voice response call, usually some Minutes that either the user or the operator of the Payment service must pay.

If a pure WAP pull service is used without the new WAP push service, the whole process becomes more complicated and prone to errors. The user must either call up a URL (Uniform Resource Locator = Internet address) or access a portal on which a link to the payment server has been provided to confirm the payment. So he must always act independently and can make mistakes. In contrast to this, in the method according to the invention using the WAP push service, the user only has to follow the link given in order to carry out the confirmation for the payment process. In order to secure the whole process, communication takes place between the online provider's web server, the payment server and the billing system via SSL (Secure Socket Layer) / TLS (Transport Layer Security), also the push initiator and the push Proxy gateways (PPG) communicate via such a secure connection. As already mentioned, the push service indication message between the push proxy gateway (PPG) and the mobile radio telephone is advantageously secured with WTLS (Wireless Transaction Layer Security), if possible with WTLS3 Class 3 . For this purpose, the WAP gateway is configured in such a way that it only allows secure connections to the payment server.

If this is not possible because the mobile phone does not support WTLS (Class 3 ) encryption, the PIN (Personal Identification Number) and TAN (Transaction Number) procedure already known from online banking can also be used here.

The invention is described below with reference to the drawing explained. This shows in

Fig. 1 is a schematic representation of a client-server relationship,

Fig. 2 is a schematic view of a client push initiator relationship,

Fig. 3 is a schematic view of a client push initiator relationship with interposition of a push proxy gateway,

Fig. 4 is a schematic illustration of a push method using a service indication message,

Fig. 5 shows a schematic overview of the delivery of a push message with answers in a subsequent pull-session.

In the case of a customary client-server relationship 1 , the client 2 first requests a service or information from a server 3 providing it, which then transmits the requested information to the client 2 . This procedure with the arrow 4 is usually referred to as "pull" technology. The client 2 fetches the information from the server 3 . A typical example of such a "pull" technology is the Internet, in which the user enters a URL (Uniform Resource Locater) known to him as a request, which is sent to the server 3 , the server 3 then sending the corresponding web Page answers.

In contrast to this, the technology with the arrow 5 “push” is also based on the client-server model 1 , but no previous request from the client 2 is necessary before the server 3 sends its content or its message to the client 2 transmitted. In short: "Pull" transactions or information are always triggered by client 2 , "push" transactions, in contrast, are server 3-initiated.

A "push" operation 5 takes place when a so-called "push" initiator 6 ( FIG. 2) transmits corresponding content to the client 2 on the Internet. In the simplest embodiment, this is done as shown in FIG. 2. However, since the push initiator (PI) 6 does not have the same protocol as a WAP client 2 , since the push initiator 6 is integrated into the Internet 7 , but the WAP client 2 into the so-called WAP domain 8 , this is required the interposition of a switching device, a so-called "push proxy gateway" (PPG) 9, as shown in FIG. 3. This push proxy gateway 9 translates the information and messages transmitted by the push initiator 6, which are transmitted via the so-called "push access protocol" (PAP) 10, into the "push over" for the WAP client 2. the-air-protocol "(Push-OTA-Protocol) 11. The necessary transformations take place in order to be able to wirelessly transmit the information made available via the Internet 7 to the client 2 via a mobile radio telephone network. In this case, the push proxy gateway (PPG) 9 can additionally be set up in such a way that it informs the push initiator 6 of the successful forwarding of the messages it delivers to the client 2 . In addition, the PPG gateway 9 can be set up in such a way that it waits before the return information is sent to the push initiator 6 whether the client 2 accepts or rejects the delivered content. The "Push Access Protocol" (PAP) 10 mentioned uses XML messages which are modified by the various, well-known Internet protocols, for example HTTP (Hypertext Transport Protocol). The wireless OTA protocol is based on the so-called WSP services.

The goal of a "push" message transmission is to transmit a push message 12 from the push initiator (PI) 6 to the push proxy gateway (PPG) 9 , which then transmits the message 12 to the client 2 in a wireless manner Cellular network 8 continues to deliver. The push message 12 contains a so-called header 13 , which contains the address information, and a so-called body 14 , which contains the actual message. The header 13 is an XML document that contains control information for the push proxy gateway (PPG) 9 that is required to deliver the message 12 . The body 14 represents the message that is to be transmitted to the wireless cell phone 2 (client).

The answer to the push request 5 , represented by the arrow 15 , also represents an XML document, which initially indicates whether the message 5 has arrived, for which confirmation information 16 is obtained from the mobile radio telephone 2 , or whether the transmission has failed , The push proxy gateway (PPG) 9 must at least check the body 14 and report whether the intended delivery to the client 2 has been successful. In addition, the push proxy gateway 9 , insofar as this was requested by the push initiator 6 , can also indicate whether other checks regarding the successful message transmission have been successfully completed. A typical reply message 15 also contains further information.

A service indication (SI) message 18 is typically able to transmit notifications to users in an asynchronous process. Such notifications can be, for example, incoming messages about new emails, share price changes, headlines, advertising banners, wake-up and reminder messages and the like.

In its basic form, such a service indication (SI) message 18 has a short message and a URL (Uniform Resource Locater), which indicates a corresponding service. The message is displayed to the user on receipt on his mobile radio telephone 2 , the user can either react to it immediately or can do so later. For this later reaction, the service indication (SI) message 18 is temporarily stored at the client 2 (ie in the mobile radio telephone), so that the user can only come back to it later and answer the message.

For this purpose, the user follows a link 17 specified in the service indication (SI) message 18 , that is to say by simply clicking on it, he gives a text-based reply, as indicated by the arrows 19 and 20 , in order thus to send the query to him to answer and confirm the triggered payment process. If link 17 , which leads to a WAP page, is tracked, new content of the server is available for client 2 . This content can e.g. B. look like this:

"You have a purchase of EURO XX for online shipping XY. YY made and stated that they are using mobile payment want to pay. If this is correct, follow this Link."

The mobile radio telephone 2 then sets up a WAP pull session again via the WAP gateway. A WML page (Wireless Markup Language) appears on the display 22 of the mobile radio telephone 2 , on which the payment amount and the recipient, e.g. B. the online shop. If the user wants to finally confirm the payment process, he presses a corresponding confirmation key 21 , which concludes the verification.

The data are then transmitted to connected billing systems, not shown separately, from where a confirmation is sent to the mobile telephone 2 . A further confirmation of the completion of the payment process is sent to the online shop server, also not shown, after which the goods can be delivered.

The great advantage of the solution according to the invention is that the user no longer has to work independently. He only has to react to the push message 12 he has received and follow the link 17 given in order to confirm the payment process. All communication channels can be secured, for example with WTLS (Wireless Transaction Layer Security), ideally even with WTLS Class 3 . Alternatively, the already known PIN / TAN method can also be used.

Claims (5)

1. procedure for carrying out a cashless payment transaction,
by means of a dealer station identified by a dealer station identifier,
a mobile radio telephone ( 2 ) with a SIM card identified by an identifier and
a matching device that
a transaction data storage device,
a dealer test facility for checking the identifiers of the dealer stations approved for this procedure and
has a subscriber test facility for checking the identifiers of the SIM cards approved for this method and
connected to account-keeping facilities,
this method includes the following steps: reading a sum of money to be paid into the dealer station,
Transmitting the identifier of the dealer station and at least the amount of money to the matching device with this identifier via a data connection,
Checking the approval of the dealer station for the procedure using the dealer test facility,
Termination of the procedure in the absence of approval,
otherwise writing the data as an open transaction in the transaction storage device of the matching device,
Establishing a connection from the mobile radio telephone to the matching device,
Transmission of the identifier of the dealer station and the identifier assigned to the SIM card to the matching device,
Checking the approval of the SIM card for the procedure using the participant test facility,
in the absence of approval, termination of the procedure, deletion of the open transactions from the transaction memory and transmission of corresponding data to the dealer station,
otherwise comparison of the dealer station identifier transmitted by the mobile radio telephone with that of the open transactions stored in the transaction storage device,
if such a transaction is not found, canceling the process, and
in the other case, transferring the transaction data from the transaction memory and the identification of the mobile radio telephone to an account-maintaining facility and deleting the transaction from the transaction memory,
characterized in that
the identifier of the SIM card is also read into the dealer station,
the identifier of the SIM card is also transmitted to the matching device,
the comparison device sends a push request to a push initiator ( 6 ) without prior or simultaneous request by the mobile radio telephone ( 2 ),
the balancing device itself having a push initiator ( 6 ) or functioning as such,
the push initiator ( 6 ) generates a push message ( 12 ) with header ( 13 ) and body ( 14 ),
the push initiator ( 6 ) sends the push message ( 12 ) to a push proxy gateway ( 9 ) using a push access protocol (PAP),
the push message ( 12 ) is checked for admissibility in relation to the push proxy gateway ( 9 ) requirements and the push initiator ( 6 ) requirements,
if there is no admissibility, the process is terminated and the push message ( 12 ) is deleted and corresponding information is transmitted to the dealer station,
if permissible, the preparation and, if necessary, reshaping of the push message ( 12 ) for wireless forwarding takes place,
the push message ( 12 ) is transmitted to the mobile radio telephone ( 2 ) by means of a push-over-the-air protocol by establishing or using a WAP push session,
wherein the mobile radio telephone ( 2 ) is designed to be WAP push-capable, and
wherein the push message ( 12 ) is a WAP service indication message ( 18 ),
consisting of a text and a link ( 17 ), and
wherein when the link ( 17 ) is followed by the mobile radio telephone ( 2 ), a WAP pull session is established via the WAP gateway, and
the data being output by the mobile radio telephone ( 2 ) and,
confirmation information is requested by the mobile radio telephone ( 2 ). 2. The method according to claim 1, characterized in that confirmation information about the successful transmission of the push initiator ( 6 ) message is provided if the push initiator ( 6 ) has requested one, and the push initiator ( 6 ) Message was successfully transmitted. 3. The method according to claim 1 and / or 2, characterized in that the pursuit of the link ( 17 ) can take place in immediate chronological order or at different times. 4. System for performing the method according to claim 1, comprising the following facilities:
a dealer station identified by a dealer station identifier,
a WAP push-capable mobile phone ( 2 ) with
a SIM card and
an identifier identifying the SIM card,
a matching device, this
a transaction data storage device ( 10 )
a dealer test facility for checking the identifiers of the dealer stations approved for this procedure and
a subscriber checking device for checking the identifiers of the SIM cards approved for this method,
associated with account management facilities, as well
an input and output device of the dealer station and a device for establishing a data connection from the dealer station to the matching device further comprising these
Interface devices for the data connection to dealer stations,
Interface devices for cellular phone connections as well
Control devices which, after establishing a connection and sending transaction data from a merchant station, check the approval of the merchant station for the procedure using the merchant checking device, and abort the procedure in the absence of approval, but otherwise enter the transmitted transaction data into the transaction data storage device when establishing one Connection from a mobile radio telephone ( 2 ) receive the identifier of the SIM card, check the authorization of the SIM card for the procedure using the subscriber test device, cancel the procedure if there is no authorization, otherwise compare the identifier with the entries in the transaction data storage device and If a transaction with the same SIM card identifier is not found, abort the method and, if accepted, transmit the transaction data and the identifier of the mobile radio telephone ( 2 ) to the account-holding facility, marked by
further control devices which also transmit the identifier of the SIM card to the dealer station and the matching device,
a push initiator ( 6 ) for generating a push request ( 10 ) to a push proxy gateway ( 9 ) and for generating a push message ( 12 ) in the form of a WAP service indication message ( 18 ) a text and a link ( 17 ), and a push proxy gateway ( 9 ) for the administration and transmission of the same to the mobile radio telephone ( 2 ) and for establishing a WAP pull session when tracking the link from the mobile radio telephone ( 2 ) for outputting the data by the mobile radio telephone ( 2 ) and for querying and forwarding confirmation information by the mobile radio telephone ( 2 ). 5. System according to claim 4, characterized in that the push initiator ( 6 ) is part of the adjustment device.