EP1502174A1 - Method for authenticating and/or authorizing a person - Google Patents

Method for authenticating and/or authorizing a person

Info

Publication number
EP1502174A1
Authority
EP
European Patent Office
Prior art keywords
person
order
connection
provider
code
Prior art date
Legal status
Ceased
Application number
EP03727353A
Other languages
German (de)
English (en)
Inventor
Alex Leporda
Current Assignee
Andawari GmbH
Original Assignee
Andawari GmbH
Priority date
Filing date
Publication date
Application filed by Andawari GmbH

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/313: User authentication using a call-back technique via a telephone network

Definitions

  • the invention relates to a method for authenticating and / or authorizing a
  • the trade in goods and / or services via the Internet is an increasingly growing economic sector.
  • the customer currently also has the option, for example, to book flights online via Internet travel agencies.
  • the payment for the goods and / or services requested over the Internet is currently mainly made by credit card, direct debit or cash on delivery, to a lesser extent in advance and against invoicing. Larger providers in particular prefer payment by credit card or direct debit.
  • SSL (Secure Sockets Layer) encryption
  • In order to be able to use this system, the customer must obtain a "digital certificate" from his bank, with the help of which he can be clearly identified by the digital signature under his order (private/public key procedure). Conversely, the invoice bears the digital signature of the provider or dealer, so that the customer receives certainty about their identity.
  • The data is encrypted in a way that makes the credit card data invisible to the merchant, while the bank remains in the dark about the goods or services, except for the price.
  • the disadvantage of this system is the higher computing time due to certification and encryption.
  • the encryption of credit card data makes it difficult for the merchant to collect information about the customer, which is particularly important for customer loyalty in e-commerce.
  • Many providers or dealers therefore reject the investment in SET.
  • Another problem in connection with the system mentioned is that the customer first has to download software, then install it locally on the computer, and obtain a SET certificate from his house bank (which clearly identifies him by means of an ID card). From the perspective of many customers, this is a cumbersome process, which prevents them from ordering online. For the reasons mentioned above, the SET process is only marginally accepted by customers and dealers alike.
  • A method of authentication is known from WO 01/54438 A1, in which the authentication of a person who places an order, for example over the Internet, is carried out by the telephone company with which the person is registered with a mobile phone.
  • This necessarily presupposes that the telephone company has entered into a corresponding contract with the seller of the goods and/or services. If this is not the case, the method disclosed in WO 01/54438 cannot be used. Furthermore, the method cannot be used in some countries, such as Germany, for data protection reasons, since the telephone companies are not authorized to pass on data to third parties without the telephone customer's consent.
  • WO 01/15381 A1 discloses a method for authentication, in which the person is registered with a provider.
  • If the person wants to use a service of the provider, he must first log into the system of the provider by entering a first password and personal data. If the person wants to use services that are outside of the scope of services accessible from the first password, a telephone number of the person stored in the system is forwarded to a communication system, which calls the person via a second connection line and asks the person to forward a second password to the communication system.
  • This second password is chosen arbitrarily and was either given to the person by the system of the provider, for example when logging in, or previously entered by the person himself in the system of the provider.
  • the second password detected by the communication system is forwarded to the system of the provider, which compares the second password with the stored second password. If the two passwords match, the person can use the desired services.
  • “authorizing” means determining the correspondence between the client and the person to be supplied.
  • orders under foreign names are to be avoided.
  • the recording of the data assigned to the person and an order for goods and / or services for the person in accordance with step a) and b) can be done on the one hand by recording an oral order and storing it on a storage medium, for example a hard disk of a PC, or also via a non-connection-oriented network, such as the Internet.
  • the goods and / or services are ordered in the usual way via the non-connection-oriented network, in particular the Internet:
  • the ordering person also uses his PC to provide the necessary data, such as name, delivery address, credit card number and so on.
  • the ordering person also enters the code of their choice, which can be a numeric, alphabetical or alphanumeric code.
  • the person is given a corresponding code during the ordering process by the provider or dealer. This code is used for later authentication.
  • Another fixed component of the data entered by the ordering person is the telephone number of a telecommunications connection assigned to the person. This can be, in particular, a mobile radio connection or a landline connection of the person concerned.
  • the query therefore does not have to be carried out via the non-connection-oriented network, for example the Internet. Rather, in parallel to the ordering process, a contact is made with the person via a separate communication medium, the telecommunications connection, the communication being logged.
  • the code fed in via the non-connection-oriented network and the code transmitted via the telecommunication device are compared.
  • the dealer can now be sure that the person ordering is identical to the person to whom the telecommunications connection is assigned.
  • the seller or merchant has proof of the order in the form of the logged telecommunication connection with the person. Using the phone number, the ordering person can be clearly identified.
  • the person placing the order must provide data associated with the person each time he places an order, such as the name, delivery and billing address and the like, as well as a telephone number of a telecommunications connection assigned to the person. Furthermore, the person must either transmit an arbitrarily chosen code to the provider, or the person is given a corresponding code when ordering, which is arbitrarily determined by the provider and stored assigned to the number.
  • the method according to the invention also proposes as a further essential procedural step to simultaneously log the communication via the telecommunications connection between the provider of the goods and / or services receiving the order and the customer.
  • This log serves the provider receiving the order as proof of the order, so that, with respect to the person to whom the telecommunications connection is clearly assigned, evidence can be provided that a previously placed order was confirmed by entering a code from this telecommunications connection. Due to the bidirectional communication between the person and the provider of the goods and/or services, the legal conclusion of a contract can be clearly demonstrated. The order that was placed, for example, via a non-connection-oriented network can thus be fully documented by the provider.
  • the method according to the invention does not require downloads or installations of third-party software. It is therefore an uncomplicated process for the user, which is why a high level of acceptance can be expected.
  • the means required for the process (PC, telecommunication device such as telephone or cell phone) are widespread among the population.
  • Another advantage is the fact that there is evidence that there is a certain psychological barrier to fraud if the ordering person knows that the dealer has the confirmed number.
  • the method according to the invention can be easily integrated into existing e-commerce applications, since only the usual query of the data of the person ordering needs to be supplemented by the telephone number and the code. The process can be used regardless of the platform used (Win, Linux, Mac).
  • The telephone number recorded during the order and, if applicable, the code entered by the person placing the order are transmitted from the provider accepting the order to an external verification body, which then calls the person on the transmitted number, asks for the code, logs the communication with the person, compares the codes and sends the result of the comparison to the provider.
  • Involving an external verification body, to which only the phone number and, if applicable, the code previously entered by the person when placing the order are transmitted, creates a neutral body for both the person placing the order and the retailer, which only carries out and logs the verification process.
  • the inclusion of this neutral instance has the advantage that the evidence provided by the instance can be accepted by both sides as evidence of an order that has been made or canceled.
  • When transmitting the number, the provider also transmits to the verification body the code entered by the person when ordering.
  • the verification entity itself, after having received the number from the provider, transmits to the provider a numerical, alphabetic or alphanumeric code assigned to the number, which code was previously determined arbitrarily by the verification entity and only assigned to this one order process.
  • the provider then transmits to the person this code specified by the verification body, which code is then transmitted back to the verification body by the person through the telecommunications connection when the code is verified.
  • The dialing and the request for the code take place by sending a voicemail message.
  • This can be a standardized message that is automatically sent via an appropriate gateway when the order is placed.
  • the dialing and requesting can also take place by sending an SMS message.
  • SMS is a service that is offered in the GSM network and is already being used extensively.
  • the ordering person can enter the confirmation code in accordance with step f), for example, using the keyboard of the telecommunication device assigned to the telecommunication connection.
  • the customer types in the numeric, alphanumeric or alphabetic code on the keyboard of his telecommunication device and then presses the corresponding confirmation button on his device (for example, the button that is often referred to as "OK" on mobile devices, or in the case of landline devices with "#" or "*").
  • the code is transmitted to the corresponding device of the dealer or the verification body, so that the latter can record the code.
  • When the message arrives at the dealer or the verification body, it is immediately saved together with the landline number and, if applicable, the shipping date, time, etc.
  • the code can also be entered in step f) by voice input.
  • the ordering person simply speaks the code into the microphone of their telecommunication device.
  • This confirmation message is again sent by pressing the corresponding confirmation key or by spoken word.
  • this message is stored in an analog / digital manner, as described above, which is subsequently evaluated electronically or manually.
  • The call is logged both by the customer's network operator and by the dealer or the verification body and can therefore be presented at any time as proof of the confirmation of the order.
  • the process can be designed so that the person ordering does not incur any costs through the confirmation.
  • the data recorded in step a) are preferably verified via a data acquisition system (e.g. database, XML file, text file, etc.).
  • This can be a verification in the broadest sense. For example, a check of the specified address and the specified name with regard to correspondence is conceivable. Furthermore, a check for negative data, such as judicial dunning procedures, customer creditworthiness and the like, is conceivable.
  • If the comparison in step g) shows that the two codes transmitted by the ordering person in the different ways match, a confirmation message, for example via e-mail, is sent via the non-connection-oriented network in accordance with a particularly preferred variant. In this way, the customer receives confirmation that his order has arrived and has been accepted by the dealer.
  • the method according to the invention can not only be used in the context of credit card payments, but can also be used in conjunction with various other payment methods, such as, for example, direct debit, telephone or mobile phone bills and invoices.
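
The verification-body variant described above (a code chosen by the verification body for one order only, returned over the telecommunications connection, compared, logged, and the result reported to the provider), as an added Python example that is not part of the patent text. The class and method names, the expiry window and the attempt limit are assumptions not found in the description; the phone numbers in the demo are constructed.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 600   # assumption: the description gives no validity period
MAX_ATTEMPTS = 3         # assumption: the description gives no attempt limit

@dataclass
class PendingOrder:
    number: str          # telephone number supplied with the order
    code: str            # code assigned to this one order process
    issued_at: float
    attempts: int = 0

class VerificationBody:
    """Hypothetical neutral body that only verifies and logs."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock
        self.log = []    # evidence record: number, time, outcome (never the code)

    def issue_code(self, order_id, number):
        """Provider hands over the number; a fresh code is returned for the person."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[order_id] = PendingOrder(number, code, self._clock())
        return code

    def confirm(self, order_id, from_number, entered_code):
        """Compare the code received over the telecommunications connection."""
        now = self._clock()
        p = self._pending.get(order_id)
        if p is None:
            result = "unknown_order"
        elif now - p.issued_at > CODE_TTL_SECONDS:
            del self._pending[order_id]
            result = "expired"
        elif from_number != p.number:
            result = "wrong_connection"   # reply did not come from the stated number
        else:
            p.attempts += 1
            # Constant-time comparison avoids leaking how many characters matched.
            if hmac.compare_digest(entered_code.encode(), p.code.encode()):
                del self._pending[order_id]   # a code confirms exactly one order
                result = "accepted"
            elif p.attempts >= MAX_ATTEMPTS:
                del self._pending[order_id]
                result = "locked"
            else:
                result = "mismatch"
        self.log.append({"order_id": order_id, "number": from_number,
                         "time": now, "result": result})
        return result   # this outcome is what is sent back to the provider

if __name__ == "__main__":
    body = VerificationBody()
    code = body.issue_code("order-1", "+490000000001")     # constructed number
    print(body.confirm("order-1", "+490000000002", code))  # wrong_connection
    print(body.confirm("order-1", "+490000000001", code))  # accepted
    print(body.confirm("order-1", "+490000000001", code))  # unknown_order (replay)
    print(body.log)
```

The log keeps the number, time and outcome of every attempt, including failed ones, since the description relies on it as proof that an order was confirmed or not.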

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a method for authenticating and/or authorizing a person in order to provide proof of an order for goods and/or services placed by a person. The method consists in collecting the data associated with said person at the time of the order, which contain a telephone number of a telecommunications connection associated with the person as well as the goods and/or services desired by the person, dialing the telephone number in order to establish the telecommunications connection, and then logging a bidirectional communication established by means of the telecommunications connection as proof of the order. During this communication with the person, a numeric, alphabetic or alphanumeric code entered by the person when ordering or transmitted to the person when ordering is requested and is compared with the code previously entered by the person or transmitted to the person. If the two codes match, the order is accepted.
EP03727353A 2002-04-26 2003-04-24 Procede pour authentifier et/ou autoriser une personne Ceased EP1502174A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE10218729 2002-04-26
DE2002118729 DE10218729B4 (de) 2002-04-26 2002-04-26 Verfahren zum Authentifizieren und/oder Autorisieren von Personen
PCT/EP2003/004275 WO2003091860A1 (fr) 2002-04-26 2003-04-24 Procede pour authentifier et/ou autoriser une personne

Publications (1)

Publication Number Publication Date
EP1502174A1 true EP1502174A1 (fr) 2005-02-02

Family

ID=29264859

Family Applications (1)

Application Number Title Priority Date Filing Date
EP03727353A Ceased EP1502174A1 (fr) 2002-04-26 2003-04-24 Procede pour authentifier et/ou autoriser une personne

Country Status (4)

Country Link
EP (1) EP1502174A1 (fr)
AU (1) AU2003233056A1 (fr)
DE (1) DE10218729B4 (fr)
WO (1) WO2003091860A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102009043264A1 (de) 2009-09-29 2011-03-31 Behr Gmbh & Co. Kg Wärmeübertrager
CN106971325A (zh) * 2016-01-14 2017-07-21 阿里巴巴集团控股有限公司 订单核销方法及服务器

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1065634A1 (fr) * 1999-07-02 2001-01-03 Mic Systems Système et méthode pour effectuer des transactions électroniques sécurisées à travers un réseau de communication ouvert
KR100392792B1 (ko) * 1999-08-21 2003-07-28 주식회사 다날 제 2접속경로를 이용한 사용자인증시스템 및 사용자인증방법
EP1208715A1 (fr) * 1999-08-31 2002-05-29 TELEFONAKTIEBOLAGET L M ERICSSON (publ) Syst me de s curit gsm pour r seaux de donn es en paquet
KR100407922B1 (ko) * 2000-01-18 2003-12-01 마이크로 인스펙션 주식회사 디지털 휴대폰을 이용한 인터넷에서의 인증방법
WO2001080525A1 (fr) * 2000-04-14 2001-10-25 Sun Microsystems, Inc. Securite acces reseau
GB2362489A (en) * 2000-05-15 2001-11-21 Tom Com Entpr Ltd Secure communication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO03091860A1 *

Also Published As

Publication number Publication date
DE10218729B4 (de) 2004-05-27
AU2003233056A1 (en) 2003-11-10
DE10218729A1 (de) 2003-11-27
WO2003091860A1 (fr) 2003-11-06

Similar Documents

Publication Publication Date Title
EP1203357B1 (fr) Commerce electronique pour services d'envoi de messages courts
EP2476087B1 (fr) Système de paiement, système d'achat et procédé de réalisation d'une pluralité de processus de paiement
DE102008035391A1 (de) Verfahren zur Authentifizierung
WO2009003605A9 (fr) Carte prépayée ou de crédit virtuelle et procédé ainsi que système de fourniture de celle-ci et de gestion de paiement électronique
DE212010000059U1 (de) Veränderbarer Sicherheitswert
DE10156177A1 (de) Verfahren und Anordnung zur Durchführung einer bargeldlosen Zahlungstransaktion
EP1574007A1 (fr) Authentification automatique d'un terminal ou d'un utilisateur dans des reseaux de communication, en fonction de la connexion
WO2013067561A1 (fr) Procédé et dispositif pour effectuer des paiements scripturaux
WO2002043020A2 (fr) Procede et dispositif de transmission de donnees par telephones mobiles dans des operations de paiement par virements electroniques
WO2004034343A2 (fr) Procede pour executer un processus de paiement dans le domaine du commerce electronique
WO2005031667A1 (fr) Procede pour effectuer une transaction electronique
WO2004006198A1 (fr) Procede pour le paiement electronique d'une marchandise ou d'une prestation de service par utilisation d'un reseau de telephonie mobile et ensemble pour l'execution de ce procede
DE10218729B4 (de) Verfahren zum Authentifizieren und/oder Autorisieren von Personen
EP1081919A1 (fr) Méthode pour donner une autorisation pour le payment de biens et/ou services achetés sur Internet dans des réseaux de transmission de données
DE202019106383U1 (de) Elektronische Zahlungsvorrichtung
EP1175664B1 (fr) Procede pour distribuer des codes de valeur
EP1371038B1 (fr) Procede et dispositif permettant d'effectuer au moins une transaction a titre onereux
EP1277185B1 (fr) Procede pour reduire les risques dans des transactions de commerce electronique
DE10008280C1 (de) Verfahren und System zur automatischen Abwicklung von bargeldlosen Kaufvorgängen
DE60036417T2 (de) Verfahren zur durchführung von online kauftransaktionen
EP1274971A2 (fr) Procede de paiement securise de livraisons et de services dans des reseaux ouverts
DE10229619A1 (de) Verfahren zur Durchführung eines Zahlungsvorganges
DE10207932A1 (de) Datenverarbeitungssystem und Verfahren zur elektronischen Zahlungsvermittlung
DE10065067B4 (de) Verfahren zum Verifizieren nutzerspezifischer Informationen in einem Daten- und/oder Kommunikationssystem sowie Daten- und/oder Kommunikationssystem
DE10210792B4 (de) Verfahren und System zur Freischaltung eines kostenpflichtigen Mobilfunk- oder Online-Dienstes

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20041125

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL LT LV MK

17Q First examination report despatched

Effective date: 20050419

APBN Date of receipt of notice of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA2E

APBR Date of receipt of statement of grounds of appeal recorded

Free format text: ORIGINAL CODE: EPIDOSNNOA3E

APAF Appeal reference modified

Free format text: ORIGINAL CODE: EPIDOSCREFNE

APAF Appeal reference modified

Free format text: ORIGINAL CODE: EPIDOSCREFNE

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

APBT Appeal procedure closed

Free format text: ORIGINAL CODE: EPIDOSNNOA9E

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20110906

POAG Date of filing of petition for review recorded

Free format text: ORIGINAL CODE: EPIDOSNPRV3

POAH Number of petition for review recorded

Free format text: ORIGINAL CODE: EPIDOSNPRV1

POAI Petitioner in petition for review recorded

Free format text: ORIGINAL CODE: EPIDOSNPRV2

POAJ Decision taken: petition for review obviously inadmissible, or obviously inadmissible and unsubstantiated

Free format text: ORIGINAL CODE: 0009155

PRVN Petition for review not allowed

Free format text: PETITION FOR REVIEW OBVIOUSLY UNSUBSTANTIATED

Effective date: 20121023