DE10218729B4 - Methods for authenticating and / or authorizing people - Google Patents

Abstract

Method for authenticating and / or authorizing a person as proof of an order for goods and / or services made by the person by dual data transmission over the Internet on the one hand and the fixed network or the mobile network on the other, comprising the following procedural steps:
a) collecting data assigned to the person during the order, the data comprising a numerical, alphabetical or alphanumeric code and a telephone number of a telecommunications connection assigned to the person,
b) recording the desired goods and / or services,
c) dialing the telecommunication connection with the registered telephone number,
d) logging the bidirectional communication with the telecommunications connection as proof of the order,
e) requesting the confirmation code exclusively via the telecommunications connection, without requesting further data recorded in step a),
f) detecting a numerical, alphabetical or alphanumeric code via a person's telecommunication device assigned to the telecommunication connection,
g) comparing the codes recorded under steps a) and f) and
h) Accept the ...

Description

The invention relates to a method to authenticate and / or authorize people at the Ordering goods and / or services, in particular via a non-connection-oriented network. In the non-connection-oriented network it could be the internet, for example.

Trade in goods and / or services through the Internet, the so-called e-commerce, is an increasingly growing one Sector. Besides the possibility The customer already has a wide variety of goods ordered also the possibility for example, flights through online travel agencies to book. Paying the over the goods and / or services requested online currently mainly by credit card, Direct debit or cash on delivery, to a lesser extent via advance payment and against invoicing. Prefer larger providers in particular the payment over Credit cards or direct debit.

The risk of being on the Internet by third parties unauthorized payment-relevant data is intercepted during the transmission, can be prevented, for example, by using a so-called SSL encryption (secure socket layer) a protected Connection is established.

Another problem with e-commerce, this also through the SSL encryption described above unsolved is the insufficient mutual authentication possibility the (future) Business partner: The customer who orders goods and / or services via the Internet, usually only knows the dealer's website, but often does not know who is behind it this web site hides. A similar Problem also exists for the dealer, that he doesn't know whether it was the person specified on the order who made the order actually carried out Has. In the case of a controversial order, the burden of proof usually lies at the dealer. For this result from it great Uncertainties and risks of fraud.

A way of authentication of the customer on the Internet currently exists in the context of the so-called "SET procedure" (= secure electronic transaction). In order to be able to use this system, the customer must register with his bank a "digital Get certificate, with the help of which he stands out through the digital signature below his Order clearly identified (private / public key procedure). Vice versa carries the Invoice the retailer's digital signature so that the customer can be certain about it identity receives. Moreover the data is encrypted in a way that the credit card details for the merchant invisible while the bank the information about the goods or service - until on the price - locked stay.

The disadvantage of this system is the higher effort computing time due to certification and encryption. About that encryption also complicates credit card details to the merchant the information gathering about the customers, which are particularly important in e-commerce for the Customer loyalty is. Many traders therefore reject the investments in SET. Another Problem in connection with the systems mentioned is that the Customer first download software, then download it on your computer install locally and get a SET certificate (the Uniquely identified) by ID card. Out Many customers are of the opinion that this is a cumbersome process Procedure, which prevents them from Order online. For the reasons mentioned, the SET procedure is experienced both with customers as well as with dealers little acceptance.

Another method that results from the The so-called "iClear method" is known in the prior art. This method allows a clear authentication of the two trading partners. however in this case, both the customer and the dealer must first register, which most users find too complicated and time-consuming. In addition, there is a high degree of difficulty in the technical implementation of the system, so that this method also receives little acceptance.

Another possibility are so-called "prepaid cards", whereby the customer, to be able to order online, must purchase a magnetic card with a certain amount of money is charged. Such magnetic cards are for example at kiosks, Gas stations and the like available. The Magnetic cards need always "charged" for what the customer has to leave the house.

Finally, there is a payment procedure which is known as "Virtual Cash". For this The customer generates the type of payment using special software on his PC "electronic Coins ", which is unique Receive serial numbers. The coins are sent to the bank electronically, by the bank against debit of the customer account made valid by a digital signature and sent to the customer back sent who now purchases online can pay with it. After receiving a payment with the electronic coins the dealer sends this to the bank, which, after successful verification, credits it to his account. The problem here is the risk of "storing cash" on the hard disk. On top of that Both customer and dealer an account with a special bank is required to participate in the process to take part. Because of these disadvantages, this is acceptance Systems also low.

A similar problem often arises with oral or telephone orders, if the dealer cannot recognize whether the person ordering is authorized to order under the specified name and, if applicable, to pay with the specified credit card number or the like.

WO 01/54438 A1 describes a method for Authentication known where the authentication of a person who places an order on the Internet, for example, through the Telephone company takes place where the person is using a mobile phone is registered. However, this inevitably presupposes that the telephone company a corresponding one with the provider of the goods and / or services Framework contract has concluded. If not, it is Methods disclosed in WO 01/54438 A1 cannot be used. Further the procedure in Germany is not for data protection reasons can be used as the telephone companies without the consent of the telephone customer are not authorized to pass on data to third parties.

WO 01/15381 A1 discloses a Authentication method whereby the person is with a provider is registered. Would like to the person using a service provided by the provider must subscribe to First enter a password and personal data in log into the provider's system. If the person services want to use the outside this is accessible from the first password Scope of service is one that is stored in the system The person's phone number is forwarded to a communication system, which the person over calls a second connection line and to forward one second password to the communication system. This second password is arbitrary chosen and the person was either through the system of the provider for example predefined when logging in or by the person himself in the system of the provider previously entered. The second covered by the communication system Password is forwarded to the system of the provider, which compares the second password with the stored second password. If they match With the second password, the person can use the desired services.

Based on this problem it is an object of the invention to provide a method for authentication and / or authorization of a person when ordering goods and / or services, in particular on the Internet, with that without having to register the person before ordering at the provider of the goods and / or services, one Order of goods and / or services by the person made and at the same time a proof of the carried out by the provider Order managed can be.

According to the invention, this object is achieved by Method according to claim 1 solved.

• a) Erfassen von der Person zugeordneten Daten während der Bestellung, wobei die Daten einen numerischen, alphabetischen oder alphanumerischen Code sowie eine Rufnummer eines der Person zugeordneten Telekommunikationsanschlusses umfassen,
• b) Erfassen der gewünschten Waren und/oder Dienstleistungen,
• c) Anwählen des Telekommunikationsanschlusses mit der erfassten Rufnummer,
• d) Protokollieren der bidirektionale Kommunikation mit dem Telekommunikationsanschluß als Nachweis für die Bestellung,
• e) ausschließliches Anfordern des Bestätigungscodes über den Telekommunikationsanschluß, ohne Anfordern weiterer in Schritt a) erfasster Daten,
• f) Erfassen eines numerischen, alphabetischen oder alphanumerischen Codes über ein dem Telekommunikationsanschluß zugeordnetes Telekommunikationsgerät der Person,
• g) Vergleichen der unter Schritt a) und f) erfassten Codes und
• h) Akzeptieren der Bestellung bei übereinstimmung der Codes.

The method according to the invention for authenticating and / or authorizing a person as proof of an order made by the person for goods and / or services has the following method steps:

• a) collecting data assigned to the person during the order, the data comprising a numerical, alphabetical or alphanumeric code and a telephone number of a telecommunications connection assigned to the person,
• b) recording the desired goods and / or services,
• c) dialing the telecommunication connection with the registered telephone number,
• d) logging the bidirectional communication with the telecommunications connection as proof of the order,
• e) exclusively requesting the confirmation code via the telecommunications connection, without requesting further data recorded in step a),
• f) detecting a numerical, alphabetical or alphanumeric code via a person's telecommunication device assigned to the telecommunication connection,
• g) comparing the codes recorded under steps a) and f) and
• h) Accept the order if the codes match.

"Authorize" is in the context of the present Invention finding agreement between the client and the person to be supplied. With the method according to the invention In particular, orders under foreign names should be avoided. The grasping of that of the person  assigned data and an order of goods and / or services of the person according to step a) and b) can, on the one hand, record an oral order and save it the same on a storage medium, for example a hard disk of a PC, or via a non-connection-oriented network, for example the Internet, respectively.

The goods and / or services are ordered via the non-connection-oriented network, especially the Internet, in the usual way: in addition to the order, the ordering person also uses his PC to provide the necessary data, such as name, delivery address, credit card number and so on , on. In addition to the above-mentioned data, the ordering person also gives one freely selectable code, which can be a numeric, alphabetical or alphanumeric code. This code is used for later authentication. Another fixed component of the data entered by the ordering person is finally the telephone number of a telecommunications connection assigned to the person. This can be, in particular, a mobile radio connection or a landline connection of the person concerned.

about the telecommunications network will now be that of the ordering party Person dialed the number entered and the confirmation code was requested. This query is therefore not made via the non-connection-oriented Network, for example the Internet, but via a separate communication medium, the telecommunications connection. Once the code is over the telecommunications connection Dealer submitted a comparison of the non-connection-oriented network fed codes and the over the telecommunications device transmitted codes instead. The dealer can now be sure that the person ordering is identical to is the one assigned to the telecommunications connection is. The telecommunication connection is proof of the order auditable. A clear identification is based on the phone number possible of the ordering person.

The method according to the invention does not require any Downloads or installation of third-party software. For the user it is therefore an uncomplicated process, which is why a high acceptance is expected. The means required for the procedure (PC, telecommunication device such as telephone or cell phone) are widespread among the population.

Another advantage is the Fact that has been proven there is a certain psychological barrier to fraud if the ordering person knows that the dealer the confirmed Has phone number. For the dealer is also duality data storage and transmission, namely for one over the internet and over to the other the landline or mobile network, an advantage. Finally, the method according to the invention can be simply integrate into existing e-commerce applications, because only the usual Querying the data of the person ordering the phone number and the Code added must become. The method can be used regardless of the platform used (Win, Linux, Mac) can be used.

According to one embodiment of the method according to the invention is selected and Request the code in the form of a voicemail message. in this connection it can be a standardized message that is on the order automatically via a corresponding gateway is sent. With this voicemail message the customer is asked to place his order by entering the already over to confirm the code entered for the non-connection-oriented network. According to one alternative embodiment can dialing and requesting also in the form of a text message respectively. As is known, SMS is a service that is offered in the GSM network and is already being used extensively becomes.

Enter the confirmation code by the ordering person according to step f) can for example the keyboard of the telecommunication device assigned to the telecommunication connection takes place. The customer types over here the keyboard of his telecommunication device the numeric, alphanumeric or alphabetical codes and then press the corresponding confirmation button of his device (For example, the key that is often referred to as "OK" on mobile devices or in the case of landline devices with or "*"). This will send the code to the appropriate one Device of Dealer submitted, so that the detection of the same is effected. When the message arrives at the dealer this is immediately together with the landline number and, if necessary with the shipping date, time, etc. saved.

According to a further embodiment of the method according to the invention the code in step f) can also be entered via voice input. The ordering person simply speaks the code into the microphone your telecommunication device. Sending this confirmation message again by pressing the corresponding confirmation button or by spoken word. An analog / digital one takes place at the dealer Storing this message as described above, which is subsequently evaluated electronically or manually.

Through the described return of the code above the telecommunications network is the "call" from both the customer's network operator as well as from the dealer logged and can therefore be traced at any time. The procedure can be designed so that for the ordering person incurs no costs. the confirmation arise.

Preferably within the Order the data recorded in step a) via a data acquisition system (e.g. database, XML file, text file, etc.) verified. in this connection can be a verification in the broadest sense. So is, for example, a review of the specified address and name in relation to match conceivable. Furthermore, a check for negative data, such as For example, judicial dunning procedure, customer creditworthiness and so on, listed become.

If the comparison in step g) shows that the two codes transmitted by the ordering person in the different ways match, according to a particularly preferred embodiment, the non-connection or network sent a confirmation message, for example via e-mail. In this way, the customer receives confirmation that his order has arrived and has been accepted by the dealer.

As mentioned earlier, it can be beneficial to detected in steps a) and f) Codes separated, that is in different memories or at different addresses of the same memory.

It is expected that when in use of the method according to the invention a significant decline the so-called "charge back" in the credit card area takes place because the customer can no longer dispute, even that Order placed to have. The method according to the invention is not only used for credit card payments, but can also be used in conjunction with various other payment methods, such as direct debit, telephone or mobile phone bills and invoice.

Due to the bidirectional communication between Customer and dealer can clearly prove the legal conclusion of a contract become. The above the non-connection-oriented orders are for the dealer gapless verifiable.

Claims (11)

Authentication and / or authorization procedures a person as evidence of an order placed by the person for goods and / or services through dual data transmission via the Internet on the one hand and the landline or the mobile network on the other, comprising the following process steps: a) Capture of data associated with the person during the order, the data being a numerical, alphabetical or alphanumeric code and a phone number of one of the person assigned telecommunications connection, b) Capture the desired one Goods and / or services, c) Select the telecommunications connection with the captured phone number, d) Log the bidirectional communication with the telecommunications connection as Proof of the order, e) requesting the confirmation code exclusively via the Telecommunications access, without requesting further data recorded in step a), f) Capture a numerical, alphabetic or alphanumeric code via one assigned to the telecommunications connection telecommunications equipment the person, g) comparing the codes recorded under steps a) and f) and h) Accept the order if the codes match. A method according to claim 1, characterized in that steps a) and b) over the Internet done. A method according to claim 1 or 2, characterized in that that a call number of a mobile radio connection is recorded in step a). A method according to claim 1 or 2, characterized in that that the number of a landline connection is recorded in step a). Method according to one of the preceding claims, characterized marked that dialing and request in the form of a transmission a voicemail message. A method according to claim 3, characterized in that dialing and request in the form of a transmission an SMS message is sent. Method according to at least one of the above Expectations, characterized in that step f) on the keyboard of the assigned to the telecommunications connection telecommunications equipment he follows. Method according to at least one of the above Expectations 1 to 7, characterized in that step f) via voice input he follows. Method according to at least one of the above Expectations, characterized in that the data recorded in step a) over a Database to be verified. Method according to one of the preceding claims, characterized characterized that following Step g) over the non-connection-oriented network is sent a confirmation message. Method according to one of the preceding claims, characterized characterized in that the codes recorded in steps a) and f) can be saved separately.