EP2425389A1 - Method for suspending and activating a service in a mobile network - Google Patents

Method for suspending and activating a service in a mobile network

Info

Publication number
EP2425389A1
EP2425389A1 EP10727067A EP10727067A EP2425389A1 EP 2425389 A1 EP2425389 A1 EP 2425389A1 EP 10727067 A EP10727067 A EP 10727067A EP 10727067 A EP10727067 A EP 10727067A EP 2425389 A1 EP2425389 A1 EP 2425389A1
Authority
EP
European Patent Office
Prior art keywords
service
mobile communication
communication terminal
platform
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP10727067A
Other languages
German (de)
French (fr)
Inventor
Thomas Bourgeois
Pierre De Chastellier
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dhatim SARL
Original Assignee
Dhatim SARL
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dhatim SARL filed Critical Dhatim SARL
Publication of EP2425389A1 publication Critical patent/EP2425389A1/en
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/16Payments settled via telecommunication systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices

Definitions

  • the present invention relates to a method for a mobile communication terminal belonging to the network of a mobile operator to suspend or activate a service provided by a service platform.
  • service is meant a software module to be downloaded or used online, a feature or any other application accessible via a mobile communication terminal.
  • These services can be send and receive emails, connect to the Internet, download files, ...
  • a user when a user wishes to access a service by means of his mobile communication terminal such as a mobile phone or an advanced smart phone, he contacts the provider of this service via the Internet. on the provider's website, by email or by telephone to request the activation of the service.
  • his mobile communication terminal such as a mobile phone or an advanced smart phone
  • the present invention aims at a new method for effectively managing such a service.
  • a mobile communication terminal belonging to the network of a mobile operator to suspend or activate a service provided by a service platform.
  • the method comprises the following steps:
  • the invoicing is updated instantaneously and it is thus possible to bill only the actual consumption.
  • granularity in billing is more accurate than in the case of conventional billing where a service is billed at one time and in an indivisible manner.
  • the cost of this service may be based on a duration of use, a number of uses or a volume of data.
  • the method further comprises the following authentication steps:
  • This first authentication can in particular take into account cryptographic secrets contained in a memory contained in the mobile communication terminal, in particular in a SIM card.
  • the SIM card (for "Subscriber Identity Module” in English) is an electronic chip containing a microcontroller and memory. She stores user-specific information. Thus authentication is done from encrypted data from a physical device.
  • this first authentication can take into account a confidential code entered by the user on his mobile communication terminal.
  • the mobile communication terminal is equipped with a biometric characteristics reader, in particular a fingerprint reader and / or a fundus reader, and this reader is used to enable strong authentication of the user.
  • a biometric characteristics reader in particular a fingerprint reader and / or a fundus reader
  • the various authentication modes described here are not exclusive of one another, and, according to the particular embodiment of the invention, it will be possible to authenticate either only the terminal used, or only the user, or the two.
  • the authentication of the user, when it is required, can also be done either by a code entered at the terminal, or by reading one or more biometric characteristics (fingerprint, fundus, etc.). ) by both simultaneously.
  • the user is clearly authenticated and the fact of using a signaling channel makes it possible to consume few network resources and especially to transmit information in a secure manner.
  • the request for suspension or activation is transmitted via a data channel of the mobile network of the operator.
  • the authentication request is a short text message according to SMS technology or an unstructured message according to USSD technology.
  • SMS technology for "Short Message Service” in English
  • GSM Global System for Mobile communications
  • GPRS Universal Mobile Radio Service
  • UMTS Universal Mobile Broadband
  • USSD Unstructured Supplementary Service Data
  • the method also comprises a step during which the service platform transmits a notification to the operator's server platform if the service platform does not receive a message from the service provider. the portion of the operator's server platform beyond a predetermined time with respect to the step of transmitting a request for suspension or activation of the service.
  • the service platform monitors this period of validity and interrupts the service when this period of validity is expired.
  • the service platform may transmit to the mobile communication terminal a message containing a transaction number identifying this request for suspension or activation of the service.
  • the service platform comprises at least one multimedia service server and a gateway between the operator's server platform and the multimedia service server, the gateway executing all the communication steps with the service server.
  • the gateway can thus interface service between the operator and the mobile communication terminal on the one hand, and several multimedia service servers on the other hand.
  • the gateway records the operational state of each service accessible by the user; at each change of state, the gateway transmits this change of state to the mobile communication terminal.
  • the mobile communication terminal indicates the operational state of this service by means of a graphic icon on a screen of the mobile communication terminal.
  • the operational state can include the following states: activated, suspended, and not activated.
  • the invention also relates to a system for accessing a service comprising a service platform, a server platform of a mobile network operator and a mobile communication terminal; according to the invention: the service platform comprises a server application, and
  • the mobile communication terminal comprises a client application associated with said server application by a client-server type communication; the client and server applications being configured so that an access by the mobile communication terminal to a service of the service platform is performed using the method as described above.
  • the invention also relates to a mobile communication terminal comprising functionalities for authenticating it when accessing a service platform by implementing the method that is the subject of the present invention.
  • the terminal may include a client application for authenticating the user of the mobile terminal with the service platform and the server platform of the operator from data contained in a memory of said mobile communication terminal.
  • the client application can be set to generate:
  • a first data stream for a first upstream authentication for example of the operator's server platform via a first communication channel
  • a second data stream for additional authentication with, for example, the service platform via a second communication channel.
  • the first channel and the second channel may be the same. But preferably, the first channel is a signaling channel, the second channel being a data channel.
  • the terminal includes a memory containing cryptographic secrets used during said first authentication. This memory is in particular contained in a SIM card.
  • the client application is advantageously configured to take into account a PIN entered on the mobile communication terminal by the user and / or a biometric characteristic of the user, in particular a fingerprint and / or a fundus, when the first authentication.
  • FIG. 1 is a general view of a system implementing a method according to the invention
  • FIG. 2 is a general view of a diagram illustrating steps of the method according to the invention as a function of each entity;
  • FIG. 3 is a general view of a process for suspending and activating a service according to the invention,
  • FIG. 4 is a general view of a diagram illustrating steps of the process of suspending and activating a service according to the invention as a function of each entity;
  • FIG. 5 is a general view illustrating a process of FIG. secure authentication using a data channel and a signaling channel according to the invention, and
  • FIG. 6 is a general view of an XML schema and associated metadata.
  • FIG. 1 we see a platform A servers of a mobile operator.
  • the mobile telephone B comprises software and hardware means enabling it to access the mobile network of the operator.
  • the telephone B comprises a client application capable of communicating with a server application within a service platform C.
  • These applications are contained in conventional storage means, and can be managed by an operating system using a microcontroller or microprocessor (not shown).
  • the service platform C offers many services accessible to the user of the mobile phone B.
  • this service can be a "push mail” service for receiving 100 emails over a period of 30 days.
  • the "push mail” service allows you to constantly scan the arrival of new e-mail messages. Any new incoming email is forwarded ("pushed") to the phone ("smart phone").
  • the user sends in step 1 in FIGS. 1 and 2 a verification request to the service platform C.
  • This verification request may contain an identifier of the desired service as well as an identifier of the user.
  • the service platform C verifies that the user is able to use this service and transmits a message of agreement to the mobile phone B.
  • the client application of the telephone B transmits a transactional request to the operator platform A.
  • This request may be an MMS message, or a URL type address, containing information relating to the service. to the service platform, and data from a SIM card of the telephone B.
  • the transactional request is a premium-rate SMS message or an overtaxed USSD message with information about the required service, the service platform, and data from a SIM card of the telephone B so as to authenticate the user.
  • the client application has pricing for different services, it can include the cost of the required service in the transaction request. But, one can also predict that the cost of this service is communicated by the service platform during step 1 of verification.
  • one or more SMS messages are sent whose total amount equals the cost of the required service.
  • the SMS sending number is a number associated with the service platform C.
  • the transaction request is received by an SMS management server D within the operator platform A.
  • the user is then authenticated from the data of the SIM card, then the charging is carried out within an accounting server E within the operator platform A.
  • This accounting server E holds an account of the user thus authenticated. This is the account normally used for billing the mobile communications of the user. Thus, the purchase of a service does not require the opening of an account with the service platform C.
  • This account can advantageously be a prepaid account where the user has a credit balance. This account will then be debited with an amount equal to the cost of the required service. In fact, the accounting server E manages this purchase of service as if it were the consumption of one or more premium SMS messages.
  • step 3 the platform A transmits a message of agreement on the authentication and the taxation towards the platform of services C. This then activates the required service. The user can then send and receive emails. It is also expected to send a service confirmation message activated from the service platform C to the telephone B.
  • a variant of the invention is the dashed step 4 in FIGS. 1 and 2, where charging is done in response to a payment request from the service platform C after activation of the service.
  • the service platform C may comprise a gateway C1 enclosing said server application capable of communicating with the client application and the operator platform A, as well as a plurality of multimedia servers C2-C4 each offering services . It can be seen in FIG. 1 that step 5 corresponds to the step where the telephone B accesses the required service from one of the multimedia servers C2, for example via the Internet.
  • a service suspension and activation process is provided.
  • the same elements bear the same references as in FIG. 1. It is in the case where the user has subscribed to a "push mail" service for receiving 100 emails over a period of 30 days, and that he has already consumed 80 emails in 10 days. He then wishes to suspend his service for 10 days in order to be able to use it during the last 10 days where he foresees the reception of important messages.
  • the client application of the telephone B transmits a service suspension request to the service platform C. The latter identifies the user from data present in the service platform. request for suspension.
  • the client application of the telephone B transmits in step one an SMS message to the SMS management server D within the operator platform A.
  • This management server D authenticates the user from the data of the SIM card sent with the SMS message, then transmits an agreement message to the service platform C in step 2.
  • the user is thus definitely authenticated within the service platform C and the push mail service. Can be suspended.
  • the service platform C confirms the suspension of the service with the accounting server E of the operator platform A in step 3. This is an update.
  • a provisional billing can be established with the effective consumption of the service and not the whole of the service.
  • the service platform continues to monitor the period of validity of the service, that is to say the 30 days, and can send reminder messages before the end of this period.
  • the user may want to reactivate his "push mail" service to consume his last 20 emails. It then performs the same operations as those described above for Figures 3 and 4, but in the context of a service activation request.
  • the process is greatly secured by the fact that communication is provided between the telephone B and the service platform C via a data channel, in particular via the Internet, while the communication between the telephone B and the operator platform A for sending SMS is via a signaling channel, the latter being a very proven channel, secure and to recover the data from the SIM card. It is therefore possible to carry out steps 1 and 1 in parallel fashion since they are two separate channels. Two separate communication channels are thus used to authenticate the user.
  • FIG. 5 we see a secure authentication process using a data channel 10 and a signaling channel 11 according to the invention.
  • the client application 12 housed in the telephone B communicates with the server application 13 housed within the service platform C, via the Internet.
  • the data exchanged transit via the data channel 10 from the telephone B. This connection via the Internet is not completely secure.
  • the signaling channel 11 is used to communicate between the client application 12 and a billing application 14 housed within the operator platform A, preferably in the server It is through this secure connection via the mobile network of the operator that the transactional request, such as a premium SMS, or the authentication request is transited.
  • the operator platform is therefore able to detect the data of the SIM card of the user of the telephone B, authenticate the user, possibly manage the charging or the billing, and then transmit a message of agreement or not to the platform of services via Internet.
  • a new mode of communication of XML files is provided which is used to update the client application from the server application.
  • a synchronization is performed.
  • an XML file is sent to the client application.
  • the method according to the invention provides for sending an identification number of the XML schema with the data. Only if the client application does not have this XML schema would the server application send the XML schema in response to the request from the client application.
  • a server application is therefore provided that can identify XML schemas by identification numbers, and generate an XML file containing not the associated XML schema but only an identification number next to the data.
  • the client application is able to save different XML schemas, each being identified with the same identification number as that provided by the server application.
  • Figure 6 we see a simplified example of an XML schema containing metadata and an example of associated data. We see that we achieve a considerable bandwidth gain if we manage to save the systematic sending of XML schemas that have a much larger size than the data.
  • Potential applications of the method, object of the present invention are numerous, and are not limited to services directly related to a mobile communication terminal.
  • the invention can be implemented whenever it is necessary to activate, deactivate, suspend or modify any service.
  • the invention finds a particularly interesting application in the field of access to pay television channels, including channels broadcast cable, ADSL or satellite, when the user wishes, with immediate effect, activate or suspend the access to a channel. He will then use his mobile communication terminal to transmit his request by implementing the present invention.
  • Another particularly interesting application of the invention lies in the field of car navigators (using in particular so-called GPS systems), offering certain complementary services such as real-time access to traffic information, in order to determine optimal route.
  • the invention offers the user the possibility, with immediate effect, of enabling or disabling access to such a supplementary service, in particular when, during a trip, he arrives in a region to which he had not subscribed to this service. He will then use his mobile communication terminal to transmit his request by implementing the present invention.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to a client-server method in the domain of networks for mobiles. The method according to the invention comprises a client application housed in a "smart phone" in a mobile network, and a server application housed in a services server. Provision is made for a request for the suspension or activation of the service and an authentication of the user of the "smart phone" with the operator of the mobile network via a signalling channel. The invention also relates to a system and a terminal comprising functionalities for implementing the method according to the invention.

Description

" Procédé de suspension et d'activation d'un service dans un réseau mobile." "Method of suspending and activating a service in a mobile network."
La présente invention concerne un procédé permettant à un terminal de communication mobile appartenant au réseau d'un opérateur de téléphonie mobile de suspendre ou activer un service fourni par une plateforme de services.The present invention relates to a method for a mobile communication terminal belonging to the network of a mobile operator to suspend or activate a service provided by a service platform.
Elle trouve une application particulièrement intéressante, mais non exclusivement, dans des terminaux de type Blackberry® de la société RIM®, des téléphones Nokia®, Iphone®,.. où il est possible d'accéder à des services en ligne ou hors ligne. Par service on entend un module logiciel à télécharger ou à utiliser en ligne, une fonctionnalité ou toute autre application accessible via un terminal de communication mobile. Ces services peuvent être de type envoi et réception d'emails, connexion à Internet, téléchargement de fichiers,...It finds a particularly interesting application, but not exclusively, in Blackberry® terminals of the RIM® company, Nokia® phones, Iphone®, .. where it is possible to access services online or offline. By service is meant a software module to be downloaded or used online, a feature or any other application accessible via a mobile communication terminal. These services can be send and receive emails, connect to the Internet, download files, ...
D'une façon générale, lorsqu'un utilisateur souhaite accéder à un service au moyen de son terminal de communication mobile tel qu'un téléphone mobile ou un téléphone mobile évolué de type « smart phone », il contacte le fournisseur de ce service par internet sur le site du fournisseur, par email ou par téléphone afin de demander l'activation du service.Generally speaking, when a user wishes to access a service by means of his mobile communication terminal such as a mobile phone or an advanced smart phone, he contacts the provider of this service via the Internet. on the provider's website, by email or by telephone to request the activation of the service.
La présente invention a pour but un nouveau procédé permettant de gérer efficacement un tel service.The present invention aims at a new method for effectively managing such a service.
Selon l'invention, il est proposé un procédé permettant à un terminal de communication mobile appartenant au réseau d'un opérateur de téléphonie mobile de suspendre ou activer un service fourni par une plateforme de services. Le procédé comprend les étapes suivantes :According to the invention, there is provided a method allowing a mobile communication terminal belonging to the network of a mobile operator to suspend or activate a service provided by a service platform. The method comprises the following steps:
- transmission d'une requête de suspension ou d'activation dudit service depuis le terminal de communication mobile vers la plateforme de services,transmitting a request for suspension or activation of said service from the mobile communication terminal to the service platform,
- identification de l'utilisateur du terminal de communication mobile au sein de la plateforme de services, - suspension ou activation dudit service au sein de la plateforme de services,- identification of the user of the mobile communication terminal within the service platform, - suspension or activation of the service within the service platform,
- transmission d'un message de suspension ou d'activation de la facturation dudit service vers la plateforme de serveurs de l'opérateur, un compte de facturation de l'utilisateur étant contenu dans cette plateforme de serveurs de l'opérateur.transmitting a message for suspending or activating the billing of said service to the operator's server platform, a user's billing account being contained in this operator's server platform.
Par ailleurs, l'ensemble des étapes de ce procédé est effectué en temps réel, ce qui signifie que la suspension ou l'activation est immédiate. Par temps réel, on entend une réalisation des étapes en quelques secondes voire quelques minutes en fonction du temps de latence des systèmes d'informations et du réseau mobile.Furthermore, all the steps of this method is performed in real time, which means that the suspension or activation is immediate. In real time, we mean a completion of the steps in a few seconds or even minutes depending on the latency of the information systems and the mobile network.
Avantageusement, on met à jour de façon instantanée la facturation et on peut ainsi ne facturer que la consommation effective. On obtient donc une granularité dans la facturation plus précise que dans le cas d'une facturation conventionnelle où un service est facturé en une seule fois et de façon indivisible.Advantageously, the invoicing is updated instantaneously and it is thus possible to bill only the actual consumption. Thus, granularity in billing is more accurate than in the case of conventional billing where a service is billed at one time and in an indivisible manner.
Le coût de ce service peut être fonction d'une durée d'utilisation, d'un nombre d'utilisation ou d'un volume de données.The cost of this service may be based on a duration of use, a number of uses or a volume of data.
Selon un mode de réalisation avantageux de l'invention, lors de l'identification de l'utilisateur, le procédé comprend en outre des étapes d'authentification suivantes :According to an advantageous embodiment of the invention, during the identification of the user, the method further comprises the following authentication steps:
- transmission d'une requête d'authentification de l'utilisateur depuis le terminal de communication mobile vers une plateforme de serveurs de l'opérateur via un canal de signalisation du réseau mobile de l'opérateur,transmitting a user authentication request from the mobile communication terminal to a server platform of the operator via a signaling channel of the mobile network of the operator,
- première authentification de l'utilisateur et/ou du terminal de communication mobile au sein de la plateforme de serveurs de l'opérateur, etfirst authentication of the user and / or the mobile communication terminal within the operator's server platform, and
- authentification complémentaire de l'utilisateur et/ou du terminal de communication mobile au sein de la plateforme de services à partir de données contenues dans la requête de communication et un message d'accord provenant de la plateforme de serveurs de l'opérateur.- Complementary authentication of the user and / or the mobile communication terminal within the service platform from data contained in the communication request and an agreement message from the operator's server platform.
Cette première authentification peut notamment prendre en compte des secrets cryptographiques contenus dans une mémoire contenue dans le terminal de communication mobile, notamment dans une carte SIM. La carte SIM (pour « Subscriber Identity Module » en anglais) est une puce électronique contenant un microcontrôleur et de la mémoire. Elle stocke des informations spécifiques à l'utilisateur. Ainsi l'authentification s'effectue à partir de données cryptées provenant d'un équipement physique.This first authentication can in particular take into account cryptographic secrets contained in a memory contained in the mobile communication terminal, in particular in a SIM card. The SIM card (for "Subscriber Identity Module" in English) is an electronic chip containing a microcontroller and memory. She stores user-specific information. Thus authentication is done from encrypted data from a physical device.
Dans un mode particulier de réalisation de l'invention, cette première authentification peut prendre en compte un code confidentiel entré par l'utilisateur sur son terminal de communication mobile. Dans un mode particulier de réalisation de l'invention le terminal de communication mobile est équipé d'un lecteur de caractéristiques biométriques, notamment un lecteur d'empreintes digitales et/ou un lecteur de fond d'œil, et ce lecteur est utilisé pour permettre une authentification forte de l'utilisateur. Les divers modes d'authentifications décrits ici ne sont pas exclusifs d'un de l'autre, et, selon le mode particulier de réalisation de l'invention, on pourra authentifier soit uniquement le terminal utilisé, soit uniquement l'utilisateur, soit les deux. L'authentification de l'utilisateur, lorsqu'elle est requise, peut elle aussi se faire soit par un code entré au terminal, soit par la lecture d'une ou plusieurs caractéristiques biométriques (empreinte digitale, fond d'œil, ...) soit par les deux simultanément.In a particular embodiment of the invention, this first authentication can take into account a confidential code entered by the user on his mobile communication terminal. In a particular embodiment of the invention the mobile communication terminal is equipped with a biometric characteristics reader, in particular a fingerprint reader and / or a fundus reader, and this reader is used to enable strong authentication of the user. The various authentication modes described here are not exclusive of one another, and, according to the particular embodiment of the invention, it will be possible to authenticate either only the terminal used, or only the user, or the two. The authentication of the user, when it is required, can also be done either by a code entered at the terminal, or by reading one or more biometric characteristics (fingerprint, fundus, etc.). ) by both simultaneously.
Ainsi, l'utilisateur est clairement authentifié et le fait d'utiliser un canal de signalisation permet de consommer peu de ressources réseaux et surtout transmettre des informations de façon sécurisée.Thus, the user is clearly authenticated and the fact of using a signaling channel makes it possible to consume few network resources and especially to transmit information in a secure manner.
De préférence, la requête de suspension ou d'activation est transmise via un canal de données du réseau mobile de l'opérateur.Preferably, the request for suspension or activation is transmitted via a data channel of the mobile network of the operator.
Avantageusement, la requête d'authentification est un message textuel court selon la technologie SMS ou un message non structuré selon la technologie USSD. La technologie SMS (pour « Short Message Service » en anglais) disponible notamment dans les réseaux de type GSM, GPRS ou UMTS, permet de transmettre et de recevoir de courts messages textuels véhiculés par un canal de signalisation qui est différent des canaux logiques de transmission de la voix et des données. La technologie USSD (pour « Unstructured Supplementary Service Data » en anglais) permet l'échange rapide de données sous format texte via un canal de signalisation tout comme le SMS. Elle est supportée par les réseaux de type GSM, GPRS ou UMTS notamment. Selon un mode de mise en œuvre de l'invention, le procédé comprend en outre une étape au cours de laquelle la plateforme de services transmet une notification vers la plateforme de serveurs de l'opérateur si la plateforme de services ne reçoit pas de message de la part de la plateforme de serveurs de l'opérateur au-delà d'un délai prédéterminé par rapport à l'étape de transmission d'une requête de suspension ou d'activation du service.Advantageously, the authentication request is a short text message according to SMS technology or an unstructured message according to USSD technology. The SMS technology (for "Short Message Service" in English) available in particular in networks of GSM, GPRS or UMTS type, makes it possible to transmit and receive short text messages conveyed by a signaling channel which is different from the logical transmission channels. voice and data. USSD (Unstructured Supplementary Service Data) technology enables the rapid exchange of data in text format via a signaling channel just like SMS. It is supported by networks such as GSM, GPRS or UMTS. According to one embodiment of the invention, the method also comprises a step during which the service platform transmits a notification to the operator's server platform if the service platform does not receive a message from the service provider. the portion of the operator's server platform beyond a predetermined time with respect to the step of transmitting a request for suspension or activation of the service.
Selon une caractéristique avantageuse de l'invention, lorsque ledit service est associé à une durée de validité prédéterminée, la plateforme de services surveille cette durée de validité et interrompt le service lorsque cette durée de validité est expirée.According to an advantageous characteristic of the invention, when said service is associated with a predetermined period of validity, the service platform monitors this period of validity and interrupts the service when this period of validity is expired.
Avantageusement, en réponse à la requête de suspension ou d'activation dudit service, la plateforme de services peut émettre vers le terminal de communication mobile un message contenant un numéro de transaction identifiant cette requête de suspension ou d'activation du service.Advantageously, in response to the request for suspension or activation of said service, the service platform may transmit to the mobile communication terminal a message containing a transaction number identifying this request for suspension or activation of the service.
Selon un autre aspect de l'invention, la plateforme de services comprend au moins un serveur de services multimédia et une passerelle entre la plateforme de serveurs de l'opérateur et le serveur de services multimédia, la passerelle exécutant toutes les étapes de communication avec le terminal de communication mobile et avec la plateforme de serveurs de l'opérateur. La passerelle peut ainsi service d'interface entre l'opérateur et le terminal de communication mobile d'une part, et plusieurs serveurs de service multimédia d'autre part.According to another aspect of the invention, the service platform comprises at least one multimedia service server and a gateway between the operator's server platform and the multimedia service server, the gateway executing all the communication steps with the service server. mobile communication terminal and with the operator's server platform. The gateway can thus interface service between the operator and the mobile communication terminal on the one hand, and several multimedia service servers on the other hand.
Avantageusement, pour chaque utilisateur, la passerelle enregistre l'état opérationnel de chaque service accessible par l'utilisateur ; à chaque changement d'état, la passerelle transmet ce changement d'état vers le terminal de communication mobile. Par ailleurs, pour chaque service accessible par l'utilisateur, le terminal de communication mobile indique l'état opérationnel de ce service au moyen d'une icône graphique sur un écran du terminal de communication mobile. L'état opérationnel peut comprendre les états suivants : activé, suspendu, et non activé.Advantageously, for each user, the gateway records the operational state of each service accessible by the user; at each change of state, the gateway transmits this change of state to the mobile communication terminal. Moreover, for each service accessible by the user, the mobile communication terminal indicates the operational state of this service by means of a graphic icon on a screen of the mobile communication terminal. The operational state can include the following states: activated, suspended, and not activated.
L'invention concerne aussi un système d'accès à un service comprenant une plateforme de services, une plateforme de serveurs d'un opérateur de réseau mobile et un terminal de communication mobile ; selon l'invention : - la plateforme de services comprend une application serveur, etThe invention also relates to a system for accessing a service comprising a service platform, a server platform of a mobile network operator and a mobile communication terminal; according to the invention: the service platform comprises a server application, and
- le terminal de communication mobile comprend une application client associée à ladite application serveur par une communication de type client- serveur ; les applications client et serveur étant paramétrées pour qu'un accès par le terminal de communication mobile à un service de la plateforme de services soit réalisé en utilisant le procédé tel que décrit précédemment.the mobile communication terminal comprises a client application associated with said server application by a client-server type communication; the client and server applications being configured so that an access by the mobile communication terminal to a service of the service platform is performed using the method as described above.
L'invention concerne aussi un terminal de communication mobile comprenant des fonctionnalités permettant de l'authentifier lors d'un accès à une plateforme de services en mettant en œuvre le procédé objet de la présente invention.The invention also relates to a mobile communication terminal comprising functionalities for authenticating it when accessing a service platform by implementing the method that is the subject of the present invention.
Avantageusement, ce terminal peut comprendre une application client permettant d'authentifier l'utilisateur du terminal mobile auprès de la plateforme de services et de la plateforme de serveurs de l'opérateur à partir de données contenues dans une mémoire dudit terminal de communication mobile. L'application client peut être paramétrée de façon à générer :Advantageously, the terminal may include a client application for authenticating the user of the mobile terminal with the service platform and the server platform of the operator from data contained in a memory of said mobile communication terminal. The client application can be set to generate:
- un premier flux de données pour une première authentification au près par exemple de la plateforme de serveurs de l'opérateur via un premier canal de communication, eta first data stream for a first upstream authentication for example of the operator's server platform via a first communication channel, and
- un second flux de données pour une authentification complémentaire auprès par exemple de la plateforme de services via un second canal de communication.a second data stream for additional authentication with, for example, the service platform via a second communication channel.
Le premier canal et le second canal peuvent être identiques. Mais de préférence, le premier canal est un canal de signalisation, le second canal étant un canal de données. Par ailleurs, le terminal comprend une mémoire contenant des secrets cryptographiques utilisés lors de ladite première authentification. Cette mémoire est notamment contenue dans une carte SIM. L'application client est avantageusement paramétrée pour prendre en compte un code confidentiel entré sur le terminal de communication mobile par l'utilisateur et/ou une caractéristique biométrique de l'utilisateur, notamment une empreinte digitale et/ou un fond d'œil, lors de la première authentification.The first channel and the second channel may be the same. But preferably, the first channel is a signaling channel, the second channel being a data channel. In addition, the terminal includes a memory containing cryptographic secrets used during said first authentication. This memory is in particular contained in a SIM card. The client application is advantageously configured to take into account a PIN entered on the mobile communication terminal by the user and / or a biometric characteristic of the user, in particular a fingerprint and / or a fundus, when the first authentication.
D'autres avantages et caractéristiques de l'invention apparaîtront à l'examen de la description détaillée d'un mode de mise en œuvre, donné à titre d'exemple nullement limitatif des possibilités de la présente invention, et des dessins annexés, sur lesquels : - La figure 1 est une vue générale d'un système mettant en œuvre un procédé selon l'invention,Other advantages and characteristics of the invention will appear on examining the detailed description of an embodiment, given as a non-limiting example of the possibilities of the present invention, and the appended drawings, in which: : FIG. 1 is a general view of a system implementing a method according to the invention,
- La figure 2 est une vue générale d'un diagramme illustrant des étapes du procédé selon l'invention en fonction de chaque entité, - La figure 3 est une vue générale d'un processus de suspension et d'activation d'un service selon l'invention,FIG. 2 is a general view of a diagram illustrating steps of the method according to the invention as a function of each entity; FIG. 3 is a general view of a process for suspending and activating a service according to the invention,
- La figure 4 est une vue générale d'un diagramme illustrant des étapes du processus de suspension et d'activation d'un service selon l'invention en fonction de chaque entité, - La figure 5 est une vue générale illustrant un processus d'authentification sécurisé par utilisation d'un canal de données et d'un canal de signalisation selon l'invention, etFIG. 4 is a general view of a diagram illustrating steps of the process of suspending and activating a service according to the invention as a function of each entity; FIG. 5 is a general view illustrating a process of FIG. secure authentication using a data channel and a signaling channel according to the invention, and
- La figure 6 est une vue générale d'un schéma XML et de métadonnées associées.FIG. 6 is a general view of an XML schema and associated metadata.
Sur la figure 1 on voit une plateforme A de serveurs d'un opérateur mobile. Le téléphone mobile B comprend des moyens logiciels et matériels lui permettant d'accéder au réseau mobile de l'opérateur. En particulier, le téléphone B comprend une application client capable de communiquer avec une application serveur au sein d'une plateforme de services C. Ces applications sont contenues dans des moyens de stockage conventionnels, et peuvent être gérées par un système d'exploitation au moyen d'un microcontrôleur ou microprocesseur (non représentés).In Figure 1 we see a platform A servers of a mobile operator. The mobile telephone B comprises software and hardware means enabling it to access the mobile network of the operator. In particular, the telephone B comprises a client application capable of communicating with a server application within a service platform C. These applications are contained in conventional storage means, and can be managed by an operating system using a microcontroller or microprocessor (not shown).
La plateforme de services C offre de nombreux services accessibles à l'utilisateur du téléphone mobile B. A titre d'exemple, ce service peut être un service « push mail » pour la réception de 100 emails sur une période de 30 jours. Le service « push mail » permet de scruter en permanence l'arrivée de nouveaux messages électroniques. Tout nouvel email entrant est transféré (« pushed ») vers le téléphone (« smart phone »). Pour souscrire à un tel service, l'utilisateur envoie à l'étape 1 sur les figures 1 et 2, une requête de vérification vers la plateforme de services C. Cette requête de vérification peut contenir un identifiant du service souhaité ainsi qu'un identifiant de l'utilisateur. La plateforme de services C vérifie que l'utilisateur est apte à utiliser ce service et transmet un message d'accord vers le téléphone mobile B. A l'étape 2 sur les figures 1 et 2, l'application client du téléphone B transmet une requête transactionnelle vers la plateforme opérateur A. Cette requête peut être un message MMS, ou une adresse de type URL, contenant des informations relatives au service requis, à la plateforme de services, et des données d'une carte SIM du téléphone B. De préférence, la requête transactionnelle est un message SMS surtaxé ou un message USSD surtaxé avec des informations relatives au service requis, à la plateforme de services, et des données d'une carte SIM du téléphone B de façon à authentifier l'utilisateur. Si l'application client possède une tarification des différents services, elle peut inclure dans la requête transactionnelle le coût du service requis. Mais, on peut aussi prévoir que le coût de ce service est communiqué par la plateforme de services lors de l'étape 1 de vérification. En fonction du coût du service et de la valeur d'un SMS surtaxé, on envoie un ou plusieurs SMS dont le montant total égale le coût du service requis. Avantageusement, le numéro d'envoi du SMS est un numéro associé à la plateforme de services C.The service platform C offers many services accessible to the user of the mobile phone B. For example, this service can be a "push mail" service for receiving 100 emails over a period of 30 days. The "push mail" service allows you to constantly scan the arrival of new e-mail messages. Any new incoming email is forwarded ("pushed") to the phone ("smart phone"). To subscribe to such a service, the user sends in step 1 in FIGS. 1 and 2 a verification request to the service platform C. This verification request may contain an identifier of the desired service as well as an identifier of the user. The service platform C verifies that the user is able to use this service and transmits a message of agreement to the mobile phone B. In step 2 in FIGS. 1 and 2, the client application of the telephone B transmits a transactional request to the operator platform A. This request may be an MMS message, or a URL type address, containing information relating to the service. to the service platform, and data from a SIM card of the telephone B. Preferably, the transactional request is a premium-rate SMS message or an overtaxed USSD message with information about the required service, the service platform, and data from a SIM card of the telephone B so as to authenticate the user. If the client application has pricing for different services, it can include the cost of the required service in the transaction request. But, one can also predict that the cost of this service is communicated by the service platform during step 1 of verification. Depending on the cost of the service and the value of an overtaxed SMS, one or more SMS messages are sent whose total amount equals the cost of the required service. Advantageously, the SMS sending number is a number associated with the service platform C.
La requête transactionnelle est réceptionnée par un serveur D de gestion de SMS au sein de la plateforme opérateur A. L'utilisateur est alors authentifié à partir des données de la carte SIM, puis on réalise la taxation au sein d'un serveur de comptabilité E au sein de la plateforme opérateur A. Ce serveur de comptabilité E détient un compte de l'utilisateur ainsi authentifié. Il s'agit du compte normalement utilisé pour la facturation des communications mobiles de l'utilisateur. Ainsi, l'achat d'un service ne nécessite pas l'ouverture d'un compte auprès de la plateforme de services C.The transaction request is received by an SMS management server D within the operator platform A. The user is then authenticated from the data of the SIM card, then the charging is carried out within an accounting server E within the operator platform A. This accounting server E holds an account of the user thus authenticated. This is the account normally used for billing the mobile communications of the user. Thus, the purchase of a service does not require the opening of an account with the service platform C.
Ce compte peut avantageusement être un compte prépayé où l'utilisateur possède un solde créditeur. Ce compte va alors être débité d'un montant égal au coût du service requis. En fait, le serveur de comptabilité E gère cet achat de service comme s'il s'agissait de la consommation d'un ou plusieurs messages SMS surtaxés.This account can advantageously be a prepaid account where the user has a credit balance. This account will then be debited with an amount equal to the cost of the required service. In fact, the accounting server E manages this purchase of service as if it were the consumption of one or more premium SMS messages.
A l'étape 3, la plateforme A transmet un message d'accord sur l'authentification et la taxation vers la plateforme de services C. Ce dernier active alors le service requis. L'utilisateur peut dès lors émettre et recevoir des emails. On prévoit également l'envoi d'un message de confirmation de service activé depuis la plateforme de services C vers le téléphone B. Une variante de l'invention est l'étape 4 en pointillée sur les figures 1 et 2 où la taxation s'effectue en réponse à une requête de paiement provenant de la plateforme de services C après activation du service. Selon un mode de réalisation de l'invention, la plateforme de services C peut comprendre une passerelle Cl renfermant ladite application serveur apte à communiquer avec l'application client et la plateforme opérateur A, ainsi que plusieurs serveurs multimédia C2-C4 offrant chacun des services. On voit sur la figure 1 que l'étape 5 correspond à l'étape où le téléphone B accède au service requis auprès de l'un des serveurs multimédia, C2, par exemple via Internet.In step 3, the platform A transmits a message of agreement on the authentication and the taxation towards the platform of services C. This then activates the required service. The user can then send and receive emails. It is also expected to send a service confirmation message activated from the service platform C to the telephone B. A variant of the invention is the dashed step 4 in FIGS. 1 and 2, where charging is done in response to a payment request from the service platform C after activation of the service. According to one embodiment of the invention, the service platform C may comprise a gateway C1 enclosing said server application capable of communicating with the client application and the operator platform A, as well as a plurality of multimedia servers C2-C4 each offering services . It can be seen in FIG. 1 that step 5 corresponds to the step where the telephone B accesses the required service from one of the multimedia servers C2, for example via the Internet.
Afin de facturer la consommation effective de l'utilisateur, on prévoit un processus de suspension et d'activation du service. Sur la figure 3 les mêmes éléments portent les mêmes références que sur la figure 1. On se place dans le cas où l'utilisateur a souscrit à un service de « push mail » pour la réception de 100 emails sur une période de 30 jours, et qu'il a déjà consommé 80 emails en 10 jours. Il souhaite alors suspendre son service pendant 10 jours afin de pouvoir l'utiliser les 10 derniers jours où il prévoit la réception de messages importants. Pour ce faire, à l'étape 1 sur les figures 3 et 4, l'application client du téléphone B transmet une requête de suspension de service vers la plateforme de services C. Ce dernier identifie l'utilisateur à partir de données présentes dans la requête de suspension. Parallèlement, l'application client du téléphone B transmet à l'étape l' un message SMS vers le serveur D de gestion de SMS au sein de la plateforme opérateur A. Ce serveur D de gestion authentifie l'utilisateur à partir des données de la carte SIM envoyées avec le message SMS, puis transmet un message d'accord vers la plateforme de services C à l'étape 2. L'utilisateur est ainsi authentifié de façon certaine au sein de la plateforme de services C et le service « push mail » peut ainsi être suspendu. Avantageusement, la plateforme de services C confirme la suspension du service auprès du serveur de comptabilité E de la plateforme opérateur A à l'étape 3. Il s'agit d'une mise à jour. Avec un tel processus, une facturation provisoire peut être établie avec la consommation effective du service et non la globalité du service. Avantageusement, la plateforme de services continue à surveiller la durée de validité du service, c'est-à-dire les 30 jours, et peut envoyer des messages de rappel avant la fin de cette durée.In order to bill the actual consumption of the user, a service suspension and activation process is provided. In FIG. 3, the same elements bear the same references as in FIG. 1. It is in the case where the user has subscribed to a "push mail" service for receiving 100 emails over a period of 30 days, and that he has already consumed 80 emails in 10 days. He then wishes to suspend his service for 10 days in order to be able to use it during the last 10 days where he foresees the reception of important messages. For this purpose, in step 1 in FIGS. 3 and 4, the client application of the telephone B transmits a service suspension request to the service platform C. The latter identifies the user from data present in the service platform. request for suspension. Meanwhile, the client application of the telephone B transmits in step one an SMS message to the SMS management server D within the operator platform A. This management server D authenticates the user from the data of the SIM card sent with the SMS message, then transmits an agreement message to the service platform C in step 2. The user is thus definitely authenticated within the service platform C and the push mail service. Can be suspended. Advantageously, the service platform C confirms the suspension of the service with the accounting server E of the operator platform A in step 3. This is an update. With such a process, a provisional billing can be established with the effective consumption of the service and not the whole of the service. Advantageously, the service platform continues to monitor the period of validity of the service, that is to say the 30 days, and can send reminder messages before the end of this period.
Dans les 10 derniers jours de sa durée de validité, l'utilisateur peut vouloir réactiver son service « push mail » pour consommer ses 20 derniers emails. Il effectue alors les mêmes opérations que celles décrites ci-dessus pour les figures 3 et 4, mais dans le cadre d'une requête d'activation de service.In the last 10 days of its validity period, the user may want to reactivate his "push mail" service to consume his last 20 emails. It then performs the same operations as those described above for Figures 3 and 4, but in the context of a service activation request.
Selon la présente invention, le processus est grandement sécurisé par le fait que l'on prévoit la communication entre le téléphone B et la plateforme de services C via un canal de données, notamment en passant par Internet, alors que la communication entre le téléphone B et la plateforme opérateur A pour l'envoi de SMS se fait via un canal de signalisation, ce dernier étant un canal très éprouvé, sécurisé et permettant de récupérer les données de la carte SIM. On peut donc réaliser les étapes 1 et l' de façon parallèle puisqu'il s'agit de deux canaux distincts. On utilise ainsi deux voies de communication distinctes pour authentifier l'utilisateur.According to the present invention, the process is greatly secured by the fact that communication is provided between the telephone B and the service platform C via a data channel, in particular via the Internet, while the communication between the telephone B and the operator platform A for sending SMS is via a signaling channel, the latter being a very proven channel, secure and to recover the data from the SIM card. It is therefore possible to carry out steps 1 and 1 in parallel fashion since they are two separate channels. Two separate communication channels are thus used to authenticate the user.
Sur la figure 5 on voit un processus d'authentification sécurisé par utilisation d'un canal de données 10 et d'un canal de signalisation 11 selon l'invention. L'application client 12 logée au sein du téléphone B communique avec l'application serveur 13 logée au sein de la plateforme de services C, via Internet. Les données échangées transitent via le canal de données 10 depuis le téléphone B. Cette liaison via Internet n'est pas totalement sécurisée.In Figure 5 we see a secure authentication process using a data channel 10 and a signaling channel 11 according to the invention. The client application 12 housed in the telephone B communicates with the server application 13 housed within the service platform C, via the Internet. The data exchanged transit via the data channel 10 from the telephone B. This connection via the Internet is not completely secure.
Pour assurer l'authentification de l'utilisateur de façon sécurisé et certaine, on utilise le canal de signalisation 11 pour communiquer entre l'application client 12 et une application de facturation 14 logée au sein de la plateforme opérateur A, de préférence dans le serveur de comptabilité E. C'est par cette liaison sécurisée via le réseau mobile de l'opérateur que transitent la requête transactionnelle, telle qu'un SMS surtaxé, ou la requête d'authentification. La plateforme opérateur est donc apte à détecter les données de la carte SIM de l'utilisateur du téléphone B, authentifier l'utilisateur, éventuellement gérer la taxation ou la facturation, puis transmettre un message d'accord ou non vers la plateforme de services via Internet. Afin d'optimiser les échanges entre l'application client contenu dans le téléphone B et l'application serveur contenu dans la plateforme de services C, on prévoit un nouveau mode de communication de fichiers XML que l'on utilise pour mettre à jour l'application client depuis l'application serveur. A chaque session de communication entre l'application client et l'application serveur, on réalise une synchronisation. En particulier, on envoie par exemple un fichier XML vers l'application client. Plutôt que d'envoyer un fichier XML mélangeant de façon conventionnelle un schéma XML avec des données, le procédé selon l'invention prévoit l'envoie d'un numéro d'identification du schéma XML avec les données. C'est uniquement au cas où l'application client n'aurait pas ce schéma XML que l'application serveur enverrait le schéma XML en réponse donc à la demande de l'application client. On prévoit donc une application serveur capable d'identifier des schémas XML par des numéros d'identification, et de générer un fichier XML contenant non pas le schéma XML associé mais uniquement un numéro d'identification à côté des données. L'application client est apte à sauvegarder différents schémas XML, chacun étant identifié avec le même numéro d'identification que celui prévu par l'application serveur. Sur la figure 6, on voit un exemple simplifié d'un schéma XML contenant des métadonnées et un exemple de données associées. On voit que l'on réalise un gain de bande passante considérable si l'on parvient à économiser l'envoi systématique des schémas XML qui ont une taille bien supérieure à celle des données.To ensure the authentication of the user in a secure and certain way, the signaling channel 11 is used to communicate between the client application 12 and a billing application 14 housed within the operator platform A, preferably in the server It is through this secure connection via the mobile network of the operator that the transactional request, such as a premium SMS, or the authentication request is transited. The operator platform is therefore able to detect the data of the SIM card of the user of the telephone B, authenticate the user, possibly manage the charging or the billing, and then transmit a message of agreement or not to the platform of services via Internet. In order to optimize the exchanges between the client application contained in the telephone B and the server application contained in the service platform C, a new mode of communication of XML files is provided which is used to update the client application from the server application. At each communication session between the client application and the server application, a synchronization is performed. In particular, for example, an XML file is sent to the client application. Rather than sending an XML file conventionally mixing an XML schema with data, the method according to the invention provides for sending an identification number of the XML schema with the data. Only if the client application does not have this XML schema would the server application send the XML schema in response to the request from the client application. A server application is therefore provided that can identify XML schemas by identification numbers, and generate an XML file containing not the associated XML schema but only an identification number next to the data. The client application is able to save different XML schemas, each being identified with the same identification number as that provided by the server application. In Figure 6, we see a simplified example of an XML schema containing metadata and an example of associated data. We see that we achieve a considerable bandwidth gain if we manage to save the systematic sending of XML schemas that have a much larger size than the data.
Les applications potentielles du procédé, objet de la présent invention sont nombreuses, et ne se limitent nullement à des services directement liés à un terminal de communication mobile. Notamment l'invention peut être mise en œuvre chaque fois qu'il y a nécessité d'activer, de désactiver, de suspendre ou modifier un service quel qu'il soit.Potential applications of the method, object of the present invention are numerous, and are not limited to services directly related to a mobile communication terminal. In particular, the invention can be implemented whenever it is necessary to activate, deactivate, suspend or modify any service.
L'invention trouve une application particulièrement intéressante dans le domaine de l'accès à des chaînes de télévision payante, notamment des chaînes diffusées par câble, ligne ADSL ou par satellite, lorsque l'utilisateur souhaite, avec effet immédiat, activer ou suspendre l'accès à une chaîne. Il utilisera alors son terminal de communication mobile pour transmettre sa requête en mettant en œuvre la présente invention. Une autre application particulièrement intéressante de l'invention se situe dans le domaine des navigateurs de voiture (utilisant notamment des systèmes dits GPS), offrant certains services complémentaires tels qu'un accès en temps réel à des informations de trafic, en vue de déterminer un itinéraire optimal. Dans ce domaine, l'invention offre à l'utilisateur la possibilité, avec effet immédiat, d'activer ou de désactiver l'accès à un tel service complémentaire, notamment lorsque, au cours d'un déplacement, il arrive dans une région pour laquelle il n'avait pas souscrit à ce service. Il utilisera alors son terminal de communication mobile pour transmettre sa requête en mettant en œuvre la présente invention.The invention finds a particularly interesting application in the field of access to pay television channels, including channels broadcast cable, ADSL or satellite, when the user wishes, with immediate effect, activate or suspend the access to a channel. He will then use his mobile communication terminal to transmit his request by implementing the present invention. Another particularly interesting application of the invention lies in the field of car navigators (using in particular so-called GPS systems), offering certain complementary services such as real-time access to traffic information, in order to determine optimal route. In this field, the invention offers the user the possibility, with immediate effect, of enabling or disabling access to such a supplementary service, in particular when, during a trip, he arrives in a region to which he had not subscribed to this service. He will then use his mobile communication terminal to transmit his request by implementing the present invention.
Bien sûr, l'invention n'est pas limitée aux exemples qui viennent d'être décrits et de nombreux aménagements peuvent être apportés à ces exemples sans sortir du cadre de l'invention. Of course, the invention is not limited to the examples that have just been described and many adjustments can be made to these examples without departing from the scope of the invention.

Claims

REVENDICATIONS
1. Procédé permettant à un terminal de communication mobile appartenant au réseau d'un opérateur de téléphonie mobile de suspendre ou activer un service fourni par une plateforme de services, caractérisé en ce que ce procédé comprend les étapes suivantes :A method enabling a mobile communication terminal belonging to the network of a mobile telephone operator to suspend or activate a service provided by a service platform, characterized in that this method comprises the following steps:
- transmission d'une requête de suspension ou d'activation dudit service depuis le terminal de communication mobile vers la plateforme de services,transmitting a request for suspension or activation of said service from the mobile communication terminal to the service platform,
- identification de l'utilisateur du terminal de communication mobile au sein de la plateforme de services,- identification of the user of the mobile communication terminal within the service platform,
- suspension ou activation dudit service au sein de la plateforme de services,- suspension or activation of the service within the service platform,
- transmission d'un message de suspension ou d'activation de la facturation dudit service vers la plateforme de serveurs de l'opérateur, un compte de facturation de l'utilisateur étant contenu dans cette plateforme de serveurs de l'opérateur, ce procédé étant effectué en temps réel.transmitting a message for suspending or activating the billing of said service to the operator's server platform, a user's billing account being contained in this operator's server platform, this method being performed in real time.
2. Procédé selon la revendication 1, caractérisé en ce que lors de l'identification de l'utilisateur, le procédé comprend en outre des étapes d'authentification suivantes :2. Method according to claim 1, characterized in that during the identification of the user, the method further comprises the following authentication steps:
- transmission d'une requête d'authentification de l'utilisateur depuis le terminal de communication mobile vers une plateforme de serveurs de l'opérateur via un canal de signalisation du réseau mobile de l'opérateur, première authentification de l'utilisateur et/ou du terminal de communication mobile au sein de la plateforme de serveurs de l'opérateur, ettransmitting a user authentication request from the mobile communication terminal to a server platform of the operator via a signaling channel of the operator's mobile network, the user's first authentication and / or the mobile communication terminal within the operator's server platform, and
- authentification complémentaire de l'utilisateur et/ou du terminal de communication mobile au sein de la plateforme de services à partir de données contenues dans la requête de communication et un message d'accord provenant de la plateforme de serveurs de l'opérateur.- Complementary authentication of the user and / or the mobile communication terminal within the service platform from data contained in the communication request and an agreement message from the operator's server platform.
3. Procédé selon la revendication 2, ladite première authentification prenant en compte des secrets cryptographiques contenus dans une mémoire dudit terminal de communication mobile. 3. Method according to claim 2, said first authentication taking into account cryptographic secrets contained in a memory of said mobile communication terminal.
4. Procédé selon la revendication 3, ladite mémoire dudit terminal de communication mobile contenant lesdits secrets cryptographiques étant contenue dans une carte SIM.4. The method of claim 3, said memory of said mobile communication terminal containing said cryptographic secrets being contained in a SIM card.
5. Procédé selon l'une quelconque des revendications précédentes, ladite première authentification prenant en compte un code confidentiel entré sur le terminal de communication mobile par l'utilisateur dudit terminal de communication mobile.5. Method according to any one of the preceding claims, said first authentication taking into account a PIN entered on the mobile communication terminal by the user of said mobile communication terminal.
6. Procédé selon l'une quelconque des revendications précédentes, ladite première authentification prenant en compte une caractéristique biométrique l'utilisateur dudit terminal de communication mobile, notamment une empreinte digitale et/ou un fond d'œil.6. Method according to any one of the preceding claims, said first authentication taking into account a biometric characteristic the user of said mobile communication terminal, in particular a fingerprint and / or a fundus.
7 Procédé selon l'une quelconque des revendications 2 à 6, caractérisé en ce que la requête d'authentification est un message textuel court selon la technologie SMS ou un message non structuré selon la technologie USSD.Process according to any one of Claims 2 to 6, characterized in that the authentication request is a short text message according to SMS technology or an unstructured message according to USSD technology.
8. Procédé selon l'une quelconque des revendications 2 à 7, caractérisé en ce qu'il comprend en outre une étape au cours de laquelle la plateforme de services transmet une notification vers la plateforme de serveurs de l'opérateur si la plateforme de services ne reçoit pas de message de la part de la plateforme de serveurs de l'opérateur au-delà d'un délai prédéterminé par rapport à l'étape de transmission d'une requête de suspension ou d'activation du service.8. Method according to any one of claims 2 to 7, characterized in that it further comprises a step during which the service platform transmits a notification to the server platform of the operator if the service platform does not receive a message from the operator's server platform beyond a predetermined period of time with respect to the step of transmitting a request for suspension or activation of the service.
9. Procédé selon l'une quelconque des revendications précédentes, caractérisé en ce lorsque ledit service est associé à une durée de validité prédéterminée, la plateforme de services surveille cette durée de validité et interrompt le service lorsque cette durée de validité a expirée.9. Method according to any one of the preceding claims, characterized in that when said service is associated with a predetermined period of validity, the service platform monitors this period of validity and interrupts the service when the period of validity has expired.
10. Procédé selon l'une quelconque des revendications précédentes, caractérisé en ce que la requête de suspension ou d'activation est transmise via un canal de données du réseau mobile de l'opérateur. 10. Method according to any one of the preceding claims, characterized in that the request for suspension or activation is transmitted via a data channel of the mobile network of the operator.
11. Procédé selon l'une quelconque des revendications précédentes, caractérisé en ce qu'en réponse à la requête de suspension ou d'activation dudit service, la plateforme de services émet vers le terminal de communication mobile un message contenant un numéro de transaction identifiant cette requête de suspension ou d'activation du service.11. Method according to any one of the preceding claims, characterized in that in response to the request for suspension or activation of said service, the service platform transmits to the mobile communication terminal a message containing a transaction number identifying this request to suspend or activate the service.
12. Procédé selon l'une quelconque des revendications précédentes, caractérisé en ce que la plateforme de services comprend au moins un serveur de services multimédia et une passerelle entre la plateforme de serveurs de l'opérateur et le serveur de services multimédia, la passerelle exécutant toutes les étapes de communication avec le terminal de communication mobile et avec la plateforme de serveurs de l'opérateur.A method according to any one of the preceding claims, characterized in that the service platform comprises at least one multimedia service server and a gateway between the operator's server platform and the multimedia service server, the gateway executing all the steps of communication with the mobile communication terminal and with the operator's server platform.
13. Procédé selon la revendication 12, caractérisé en ce que, pour chaque utilisateur, la passerelle enregistre l'état opérationnel de chaque service accessible par l'utilisateur ; à chaque changement d'état, la passerelle transmet ce changement d'état vers le terminal de communication mobile.13. Method according to claim 12, characterized in that, for each user, the gateway records the operational state of each service accessible by the user; at each change of state, the gateway transmits this change of state to the mobile communication terminal.
14. Procédé selon l'une quelconque des revendications précédentes, caractérisé en ce que, pour chaque service accessible par l'utilisateur, le terminal de communication mobile indique l'état opérationnel de ce service au moyen d'une icône graphique sur un écran du terminal de communication mobile.14. Method according to any one of the preceding claims, characterized in that, for each service accessible by the user, the mobile communication terminal indicates the operational state of this service by means of a graphic icon on a screen of mobile communication terminal.
15. Procédé selon la revendication 14, caractérisé en ce que l'état opérationnel comprend les états suivants : activé, suspendu, et non activé.15. The method of claim 14, characterized in that the operational state comprises the following states: activated, suspended, and not activated.
16. Système d'accès à un service comprenant une plateforme de services, une plateforme de serveurs d'un opérateur de réseau mobile et un terminal de communication mobile ; caractérisé en ce que :16. Service access system comprising a service platform, a mobile network operator's server platform and a mobile communication terminal; characterized in that
- la plateforme de services comprend une application serveur, etthe service platform comprises a server application, and
- le terminal de communication mobile comprend une application client associée à ladite application serveur par une communication de type client- serveur ; les applications client et serveur étant paramétrées pour qu'un accès par le terminal de communication mobile à un service de la plateforme de services soit réalisé en utilisant le procédé selon l'une quelconque des revendications précédentes.the mobile communication terminal comprises a client application associated with said server application by a client-server type communication; the client and server applications being configured so that access by the mobile communication terminal to a service of the platform service is performed using the method of any one of the preceding claims.
17. Terminal de communication mobile caractérisé en ce que ce terminal comprend des fonctionnalités permettant de l'authentifier lors d'un accès à une plateforme de services en mettant en œuvre le procédé selon l'une quelconque des revendications 1 à 15.17. A mobile communication terminal characterized in that the terminal includes functionalities for authenticating it when accessing a service platform by implementing the method according to any one of claims 1 to 15.
18. Terminal selon la revendication 17, caractérisé en ce qu'il comprend une application client permettant d'authentifier l'utilisateur du terminal mobile auprès de la plateforme de services et de la plateforme de serveurs de l'opérateur à partir de données contenues dans une mémoire dudit terminal de communication mobile.18. Terminal according to claim 17, characterized in that it comprises a client application for authenticating the user of the mobile terminal with the service platform and the server platform of the operator from data contained in a memory of said mobile communication terminal.
19. Terminal selon la revendication 18, caractérisé en ce que l'application client est paramétrée de façon à générer :Terminal according to claim 18, characterized in that the client application is parameterized so as to generate:
- un premier flux de données pour une première authentification via un premier canal de communication, eta first data stream for a first authentication via a first communication channel, and
- un second flux de données pour une authentification complémentaire via un second canal de communication.a second data stream for additional authentication via a second communication channel.
20. Terminal selon la revendication 19, caractérisé en ce que le premier canal et le second canal sont identiques.20. Terminal according to claim 19, characterized in that the first channel and the second channel are identical.
21. Terminal selon la revendication 19, caractérisé en ce que le premier canal est un canal de signalisation, le second canal étant un canal de données.21. Terminal according to claim 19, characterized in that the first channel is a signaling channel, the second channel being a data channel.
22. Terminal selon l'une quelconque des revendications 19 à 21, caractérisé en ce qu'il comprend une mémoire contenant des secrets cryptographiques utilisés lors de ladite première authentification.22. Terminal according to any one of claims 19 to 21, characterized in that it comprises a memory containing cryptographic secrets used during said first authentication.
23. Terminal selon la revendication 22, caractérisé en ce que ladite mémoire dudit terminal de communication mobile contenant lesdits secrets cryptographiques est contenue dans une carte SIM. 23. Terminal according to claim 22, characterized in that said memory of said mobile communication terminal containing said cryptographic secrets is contained in a SIM card.
24. Terminal selon l'une quelconque des revendications 19-23, caractérisé en ce que l'application client est paramétrée pour prendre en compte un code confidentiel entré sur le terminal de communication mobile par l'utilisateur dudit terminal de communication mobile lors de la première authentification.24. Terminal according to any one of claims 19-23, characterized in that the client application is set to take into account a PIN entered on the mobile communication terminal by the user of said mobile communication terminal during the first authentication.
25. Terminal selon l'une quelconque des revendications 19-24, caractérisé en ce que l'application client est paramétrée pour prendre en compte une caractéristique biométrique de l'utilisateur dudit terminal de communication mobile, notamment une empreinte digitale et/ou un fond d'œil, lors de la première authentification.25. Terminal according to any one of claims 19-24, characterized in that the client application is set to take into account a biometric characteristic of the user of said mobile communication terminal, in particular a fingerprint and / or a background during the first authentication.
26. Application du procédé selon l'une quelconque des revendications 1 à 15 pour l'accès à des chaînes de télévision payante.26. Application of the method according to any one of claims 1 to 15 for access to pay television channels.
27. Application du procédé selon l'une quelconque des revendications 1 à 15 pour l'accès à des services complémentaires dans un navigateur de type GPS. 27. Application of the method according to any one of claims 1 to 15 for access to complementary services in a GPS-type browser.
EP10727067A 2009-04-29 2010-04-29 Method for suspending and activating a service in a mobile network Ceased EP2425389A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0952815A FR2945140B1 (en) 2009-04-29 2009-04-29 METHOD FOR SUSPENSION AND ACTIVATION OF A SERVICE IN A MOBILE NETWORK
PCT/FR2010/050820 WO2010125318A1 (en) 2009-04-29 2010-04-29 Method for suspending and activating a service in a mobile network

Publications (1)

Publication Number Publication Date
EP2425389A1 true EP2425389A1 (en) 2012-03-07

Family

ID=41698178

Family Applications (1)

Application Number Title Priority Date Filing Date
EP10727067A Ceased EP2425389A1 (en) 2009-04-29 2010-04-29 Method for suspending and activating a service in a mobile network

Country Status (3)

Country Link
EP (1) EP2425389A1 (en)
FR (1) FR2945140B1 (en)
WO (1) WO2010125318A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030050081A1 (en) * 2000-02-29 2003-03-13 Adriano Huber Method for confirming transactions
US20030128822A1 (en) * 2000-06-22 2003-07-10 Mika Leivo Arrangement for authenticating user and authorizing use of secured system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030050081A1 (en) * 2000-02-29 2003-03-13 Adriano Huber Method for confirming transactions
US20030128822A1 (en) * 2000-06-22 2003-07-10 Mika Leivo Arrangement for authenticating user and authorizing use of secured system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2010125318A1 *

Also Published As

Publication number Publication date
FR2945140B1 (en) 2017-02-10
FR2945140A1 (en) 2010-11-05
WO2010125318A1 (en) 2010-11-04

Similar Documents

Publication Publication Date Title
EP0647052B1 (en) Management system for charging of database queries in a telecommunications network
WO2002065414A1 (en) Telepayment method and system
EP0973318A1 (en) Process for remote paying, by means of a mobile radio telephone, the acquisition of a good and/or a service, and corresponding system and mobile radio telephone
WO2000049585A1 (en) Telepayment method and system for implementing said method
FR2906662A1 (en) SYSTEM FOR MANAGING EVENT UPDATES
FR2975860A1 (en) REMOTE PAYMENT METHOD, FROM A USER DEVICE, A PURCHASE BASKET ON A MERCHANT SERVER AND AN ASSOCIATED SYSTEM
WO2003056749A1 (en) Electronic signature method
FR2837953A1 (en) DATA EXCHANGE SYSTEM
FR2845189A1 (en) ACCESS TERMINAL FOR SERVICES VIA A REMOTE RADIO FREQUENCY TERMINAL
EP1983722A2 (en) Method and system for securing internet access from a mobile telephone, corresponding mobile telephone and terminal
EP1479212A1 (en) Device and method for intermediation between service providers and their users
CA2323002A1 (en) Mobile telephone system with prepaid card
WO2010125318A1 (en) Method for suspending and activating a service in a mobile network
EP2425388A1 (en) Method for charging for and providing access to a service from a mobile communication terminal
FR2945173A1 (en) Method for authenticating mobile communication terminal to service platform via operator mobile network to access pay TV channel, involves authenticating user and/or mobile communication terminal within service platform from data
WO2012057715A1 (en) System and method for transferring credits between subscribers to the gsm mobile telephone belonging to different operators
FR2958428A1 (en) METHOD OF EXECUTING A FIRST SERVICE WHILE A SECOND SERVICE IS IN PROGRESS, USING A COMPUTER TERMINAL EQUIPPED WITH AN INTEGRATED CIRCUIT BOARD.
EP3555829A1 (en) Securing transactions
WO2022214768A1 (en) Method for controlling access to goods or services distributed via a data communication network
FR2842380A1 (en) METHOD AND SYSTEM FOR MANAGING THE PROVISION OF A DATA TERMINAL MANAGED BY AN EXTERNAL NETWORK, AND CORRESPONDING INTERMEDIATE EQUIPMENT
EP1484895A1 (en) Process of access to a network or a service by using a protocol of the family of PPPoX protocols, and architecture implementing such a process
FR2930664A1 (en) METHOD AND SYSTEM FOR TRANSACTING GOODS AND / OR SERVICES USING A TERMINAL VIA A COMMUNICATION NETWORK
WO2001089148A2 (en) Improved data exchange installation in a network and associated banking card and method
FR2919137A1 (en) Data exchanging method for ad-hoc network, involves assuring authentication, authorization and accounting service to consumer node by active node e.g. portable telephone, of ad hoc network
WO2006040459A1 (en) Intermediation method in a transaction between a client terminal and a reply supplying server, and associated server

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20111116

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

AX Request for extension of the european patent

Extension state: AL BA ME

RAX Requested extension states of the european patent have changed

Extension state: BA

Payment date: 20111116

Extension state: AL

Payment date: 20111116

Extension state: ME

Payment date: 20111116

17Q First examination report despatched

Effective date: 20140508

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20171006