ITSO20130008A1 - CERTIFIED ACCESS TO A SYSTEM - Google Patents

Description

DESCRIPTION

TECHNICAL FIELD

The invention relates to a system, for example a loyalty system, characterized by certified access by registered and uniquely identified mobile devices, in particular a loyalty system which uses an identification of registered users and specific mobile devices by means of codes bars, and the related recording methods.

STATE OF THE ART

The retention of users, eg. customer loyalty is very important nowadays and numerous technologies have been developed to implement it in the most friendly and convenient way. One such technology, widely used in supermarkets, includes a system, part of which is centralized and part decentralized, and an operating method of the same, as described in more detail below.

An identification card is issued, eg. a loyalty card, associated with a user or customer profile. The loyalty card uniquely identifies the holder of the card as the customer it is associated with by means of a unique bar code printed on it. The barcode includes information associated with the user. The barcode is one of the possible known barcode variants, for example it can be a 1D barcode, a 2D barcode or a 3D barcode, including alpha-numeric barcodes, QR codes, codes Color QR, or other type of barcode. At each access to the system, the barcode printed on the loyalty card is read at the access point by a barcode reader and the information contained in the barcode is transferred to a central unit which compares it with information stored during registration and issuance of the loyalty card; the access request is validated and associated with the corresponding user or customer so that other actions are taken or services are provided.

As shown in Figure 1, the loyalty system 100 includes a central unit 110 coupled to a database 115. The central unit 110 is configured to access the database 115, eg. to store and retrieve information associated with a plurality of users. The system 100 also comprises a plurality of terminals 120a, 120b, 120c, etc. communicatively coupled to the central unit via a 140 network, eg. a system network. Each terminal 120a, 120b, 120c is located at an access point for the user, eg. to a supermarket checkout counter, and may comprise a respective barcode reader 125a, 125b, 125c, e.g. an optical reader. Barcode readers 125a, 125b, 125c are readers capable of reading at least one type of barcode, such as 1D, 2D, or 3D barcodes, to list some examples.

The loyalty card 130 issued is therefore uniquely associated with the user profile of each user. The loyalty card includes 135 identifying information, eg. a code or number, printed on the card in the form of a bar code 136 (eg a 1D bar code, a 2D code, or a 3D code, etc.).

Upon a conventional access request with the loyalty card 130, a terminal 120a reads with its bar code reader 125a the bar code 136 printed on the loyalty card presented by the user. The terminal transmits the identification information 135 included in the barcode 136 to the central unit 110 via the system network 140. The central unit 110 compares the information received 135 with information stored in the database 115 and in the event of a match ( for example, the information received 135 corresponds to the corresponding information in the database 115) access with the loyalty card is considered valid and associated with the user holding the card, then a positive acknowledgment is sent to the terminal 120a; if no correspondence is found with a record in the database 115, a negative acknowledgment is sent to the terminal 120a. Depending on the feedback, the customer may or may not be enabled for further actions.

Typically, the loyalty card 130 is issued following the corresponding registration request (105) by a user. Some user information 106 is collected and associated with a user profile, such as eg. personal data (name, surname, etc.), social security number, address, home and mobile phone number, e-mail address, etc.

Existing technologies provide acceptable performance, but there is a need for further improvements. For example, it would be desirable to grant wider access to the system; this broader access should preferably include access by other authorized users associated with the same user profile as the cardholder, for example husband, wife or another relative (son-daughter), or in any case another different person by the owner. This need can be satisfied by issuing a second loyalty card, for example a copy of the card originally issued, associated with the same user or owner. However, these solutions add complexity.

Furthermore, current solutions are characterized by an inherent weakness in security which can lead to unauthorized use of the loyalty card or a fraudulent copy of it. In fact, duplicating a conventional loyalty card with a barcode printed on it is not difficult at all, so the risk of fraudulent use of a "copied" card is always present. Therefore, safer technology is needed.

SUMMARY OF THE INVENTION

To address the aforementioned and other problems, a system is provided comprising a central unit coupled to a database for storing user profile records, and terminals with barcode readers communicatively coupled to the central unit, in which the unit control panel is configured to receive registration requests from mobile devices, and to generate device-specific identification codes, eg. barcodes, based on unique hardware identifiers, e.g. IMEI and / or ICCID / MSISDN codes, received with the mobile device registration request. The central unit is further configured to send the specific identification code to the mobile device and grant certified access to the system if the identification information acquired by a terminal corresponds, for example, to an identification code stored in the database. . For greater security, the central unit can also be configured to use a rolling code (variable code based on the generation of pseudo-random numbers) in generating the specific identification code and / or to send the specific identification code to the mobile device in a identification file encrypted with the unique hardware identifier. A method is also provided for granting certified access of a mobile device to a system comprising storing records associated with user profiles in a database, receiving registration requests from mobile devices, requests including unique hardware identifiers, e.g. IMEI and / or ICCID / MSISDN, and data associated with the user profile, generate a specific identification code of the mobile device and grant certified access to the system if an acquired certified identification code corresponds, for example, to the specific identification code. Advantageously, generating the specific identification code can use a pseudo-random variable code and / or sending specific identification information to the mobile device includes sending an encrypted identification file with the unique hardware identifier, to ensure improved security. The method also considers registering a mobile device both associated with an existing user profile and for a new user.

A method is also provided for granting certified access to a system by a mobile device comprising searching for an identification file stored in a memory of the mobile device, verifying a correspondence between identification information, e.g. a certified barcode such as a 1D, 2D, or 3D barcode, obtained from identifying information retrieved from the identification file and a unique hardware identifier, e.g. an IMEI and / or an ICCID / MSISDN of the mobile device, and make the certified identification information available, for example by showing it on a display, only if the match exists. Advantageously, the identification file is decrypted using the unique hardware identifier. The method also contemplates sending a registration request for the mobile device to be associated with an existing user profile or sending a new registration request. Other embodiments are described in detail in the following description and accompanying drawings. BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates a loyalty system according to the state of the art.

Figure 2 illustrates a loyalty system according to some embodiments of the invention.

Figure 3 shows a simplified flow chart of a method for finding a request for access to a loyalty system according to some embodiments of the invention.

Figure 4 shows a simplified flow chart of a method for registering a mobile device for access to a loyalty system according to some embodiments of the invention.

Figure 5 shows a simplified flow chart of a method for showing an access code to request access to a loyalty system according to some embodiments of the invention.

Figure 6 shows some examples of the information used, sent or received by the mobile device requesting access and / or by the central unit of a loyalty system according to some embodiments of the invention.

DETAILED DESCRIPTION

Some non-limiting examples of the invention are described below. Some details can be omitted to avoid clouding the heart of the invention; at the same time, not all the features described are necessary, or must necessarily be present in conjunction with each other, to realize the invention and may have been included to simplify the description of the various embodiments; correspondingly, the claimed subject matter is defined by the claims.

Figure 2 illustrates a system 200 for identifying a user, e.g. a loyalty system of a distribution chain to identify a customer. The term "loyalty system", as used herein, is not to be understood strictly limited to loyalty systems, but refers more generally to any system designed to register and identify a user / customer through information associated with the profile of the same.

System 200 includes a central unit 210 with access to a database 215; the system 200 also comprises a plurality of terminals 220a, 220b, 220c, etc. communicatively coupled to the central unit 210 via a network 240, eg. a system network. Although in Figure 2 the system network 240 is shown with a single block, in some embodiments it can be physically divided into two or more portions communicating by means of suitable interposed communication means (not shown) which are not strictly part of the network system; examples of these means of communication can be a wired telephone network, a waveguide or fiber optic network, a radio communication network, or combinations thereof, such as any integrated communication system of a communications provider.

Each terminal 220a, 220b, 220c, is arranged at an access point for the user, eg. to a store in the distribution chain, and may comprise a respective barcode reader 225a, 225b, 225c. The bar code readers 225a, 225b, 225c are readers capable of reading at least one type of different bar codes, such as 1D, 2D, or 3D bar codes. In some embodiments the barcode readers 225a, 225b, 225c etc. they are optical readers. The choice between the different types of barcode reader may depend on the specific application and / or market segment (e.g. depending on the amount of data to be read, system security, overall cost, etc. ). Examples of 1D barcodes include 1D barcodes with between 5 and 40 digits or characters, or between 8 and 25 digits or characters, such as 14 digits. 2D barcodes can encode a greater number of characters, e.g. in the case of QR code up to 4296 alpha-numeric characters, or 7089 digits or 2953 bytes of 8 bits. Although the following description always refers to barcodes and related barcode readers, it is understood that the invention extends to other coding and related reading methods, such as, by way of example, optical character recognition. recognition - OCR) or images. These methods are therefore to be understood as included in the definition of "bar code" and "bar code reader", with the appropriate adaptations.

The central unit 210 is configured to access the database 215, for example to store and retrieve information associated with the plurality of users. A loyalty card 230 is typically issued to a user after a corresponding registration request 205 reaches the central unit 210. The registration request 205 includes information 206 associated with the requesting user typically including personal data, eg. name and surname, social security number, address, contact details, such as home and / or mobile phone number, e-mail address, and possibly other data. These data, or at least a part of them, are collected from the user directly at the time of registration to the loyalty system and are stored in a record 290 in the database 215. Additional information can be collected, added and / or updated afterwards. registration. Each record 290 is associated with a user and in some embodiments it may be referred to as a user profile.

A loyalty card 230 uniquely associated with the user profile is issued for each user. The loyalty card includes an identification number 235 printed on the card in the form of a barcode 236. The barcode can be one of several types of barcodes known or still to be developed, for example it can be a 1D barcode, a 2D barcode, a 3D barcode, comprising alpha-numeric codes, QR codes, color QR codes, or other types of barcodes, and is a barcode compatible with, i.e. readable by, barcode 225a, 225b, 225c in terminals 220a, 220b, 220c at system access points.

Upon a conventional access request with a loyalty card 230, a terminal 220a reads with its own bar code reader 225a the bar code 236 imprinted on the loyalty card 230 presented by a user. Terminal 220a transmits information included in barcode 236, e.g. the identification number 235 among other information, to the central unit 210 via the system network 240. The central unit 210 compares the information, eg. the identification number 235, with the information stored in the database 215 and in the event of a match (e.g. the identification number 235 and / or the barcode 236 correspond to corresponding information in a record 290 of the database 215) the access by the user to whom the loyalty card 230 is associated is considered valid, and a positive acknowledgment is sent to the terminal 220a; if no matching record is found, a negative acknowledgment is sent to terminal 220a. Depending on the feedback, the user will be enabled or disabled for further actions (eg. Upload credits to the loyalty account, view the total available credits on the receipt being issued, obtain a discount, receive a gift, etc.).

According to some embodiments of the invention, certified access to the system can be requested through a mobile device 260; examples of mobile devices include, without limitation, a mobile phone, a smart-phone, a laptop, a digital assistant, among other electronic devices. Only certified access requests from registered mobile devices are considered valid; requests for certified access from unregistered mobile devices are rejected.

To register a mobile device 260 in the system 200, a registration request 271 from the mobile device 260 is received at the central unit 210, for example via SMS or e-mail. The mobile device registration request includes information relating to the user profile to which the registration request will be associated; alternatively, if the registration request is a request for registration of a new user, the registration request of the new user includes all the information relating to the user necessary for the request to be accepted, eg. information 206. In both cases, identification information of the mobile device is also provided 260.

The information relating to the user profile typically includes the identification number of the user profile to which the request must be associated. In one embodiment, the identification number of the user is obtained from the mobile device 260 by reading the bar code 236 of the loyalty card 230 issued, e.g. through a photo-camera present in the mobile device 260 itself. According to another embodiment, the user identification number and / or the bar code of the loyalty card 236 can be entered using a keyboard or a touch screen of the mobile device 260, or otherwise provided.

The information relating to the user profile may include additional user information, such as personal data, address, password, social security number, an image (eg. A photograph), etc. The additional user information can be used to verify that the mobile device registration request 271 is a legitimate request, as explained in more detail below.

The mobile device identification information 260 includes at least one unique hardware identifier 262 of the mobile device 260. For example, an "International Mobile Equipment Identity" code 262 (IMEI) is a unique hardware identifier of the mobile device, an "Integrated Circuit Card ID" code of a "Subscriber Identity Module" (SIM) or a "Mobile Station ISDN" number (ISDN mobile station number - MSISDN) associated with the SIM, i.e. its telephone number, are other examples of a unique hardware identifier 262 (when the SIM is paired with the mobile device 260, it is considered to be a part of the mobile device in all respects). While in the first case (IMEI code) the access of the mobile device 260 will be validated regardless of which SIM card is mounted on it, if any, in the second case (ICCID, MSISDN) the access will be validated when performed by the SIM card independently from which mobile device it belongs, i.e. any mobile phone or tablet with the identified SIM card installed. If the unique hardware identifier 262 includes information relating to both the IMEI code of the mobile phone and the ICCID or MSISDN number of the SIM, the registration request to the system will be made for both in combination, and an access will be valid only for the mobile phone. identified that mounts the identified SIM card.

Upon receipt of the registration request 271, the central unit 210 compares the information received in the request 271 with information in the user profile records 290 present in the database 215. The user identification number 235 and / or the bar code 236 they are validated and matched to the corresponding user profile. Additional information relating to the user is compared with the corresponding information available in record 290.

Alternatively, upon receipt of a registration request 271 from a new user by the mobile device 260, the central unit 210 verifies that all the data necessary to accept the registration (e.g. information 206) are present and valid. creates a record 290 in the database 215 associated with the new user.

In the event that the user identification number 235 and / or the barcode 236 or the additional user information is invalid (or some of the necessary data is absent or invalid), an error message 275 is sent (e.g. via SMS or e-mail) to the mobile device 260, informing that the registration could not be finalized. If all information is valid, the request can be considered legitimate and the central unit generates a second barcode 266, which can be referred to as device-specific barcode266 (corresponding to 666 in figure 6), different from the 236 barcode printed on the issued 230 loyalty card. The steps for generating the device-specific barcode will be discussed in more detail with reference to Figure 4. A specific mobile device 260 can read the specific barcode 266 associated with it and display, or otherwise make available, a code to bars certificate 267 whenever it requires certified access.

The specific barcode 266 of the device is stored in the user's profile 290 in the database 215 and is associated with the same user. An access request with any of the barcodes (236 or 267) will be considered a valid access request by the user associated with the corresponding user profile. Various methods can be used to generate the device-specific barcode 266; according to one of these methods, a rolling code, or pseudorandom variable code, can be used to increase the security in the generation of the specific barcode 266, eg. to make it more difficult for hackers to generate barcodes otherwise valid for mobile devices. In some embodiments, the certified barcode 267 contains more information than the barcode 236; for example, the 236 barcode can be a 1D barcode (between 8 and 32 digits), while the 267 certified barcode can be a 2D barcode (with a number of digits greater than 255, e.g. 1000 , but also many more).

A registration message 276 including the bar code 266 is sent by the central unit 210 to the mobile device 260, eg. via SMS or e-mail. In one embodiment, the specific barcode 266 is sent to the mobile device 260 in encrypted form to increase security, for example as part of an encrypted file 268, or ID-file, attached to or included in the registration message 276 Encryption can be done using the unique hardware identifier 262 received with the registration request 271, eg. the IMEI code and / or the ICCID / MSISDN of the SIM, as a password. The ID-file 268 is stored in a memory in or coupled to the mobile device (in this context, a memory coupled to the mobile device, such as an expansion memory, for example an SD card or the like, can be regarded as a memory in the full-fledged mobile device). Optionally, a notification message can also be sent to the user associated with the user profile in case one or more attempts to register an additional mobile device have been made. The notification message may contain information regarding the registration attempt in case of failure (i.e. considered invalid and rejected), or information regarding the successful outcome of a registration request (i.e. considered valid and accepted); the information may contain data concerning the requesting device (eg IMEI code and / or ICCID / MSISDN of the SIM), among others. In one embodiment, the user's approval is required, i.e. by the holder of the loyalty card, before proceeding with the registration of the mobile device, even if the request is considered reliable (not shown).

According to an alternative approach, the mobile device 260 can be registered after a registration request 271 has been received by the central unit 210 via a different channel, eg. not directly from the mobile device 260 as described above with reference to Figure 2; for example the request can be received by e-mail, in writing, by SMS, etc. provided that the same or similar safety standards are met.

Upon a request for certified access by a user's mobile device, the ID-file 268 is accessed and decrypted using the unique hardware identifier 262 of the mobile device 260, so that only the correct mobile device (i.e. the one with the same IMEI used to encrypt the ID-file 268) can access the identification information and show the certified barcode 267 or otherwise make it available. A terminal 220b reads with its barcode reader 225b the barcode made available by the mobile device 260, ie the certified barcode 267. The terminal transmits the information contained in the barcode to the central unit 210 via the system network 240. The central unit 210 compares the information received from the terminal 220b with the information stored in the database 215. The comparison can result in an information match or a mismatch. A match can occur if the information in the received barcode (236 or 267) matches the corresponding information of a record 290 in the database, for example the received barcode is the same as the barcode 236 of the issued card 230 or the code bar code 666 which identifies the mobile device 260 of a user profile 290 in the database 215. There is no correspondence, for example, if the barcode received is different from the barcodes of the cards 230 issued and the barcodes to them Associates. If the comparison shows a match, the access is considered valid, and a positive feedback is sent to terminal 220b. If no matching record 290 is found in database 215, a negative acknowledgment is sent to terminal 220b. Depending on the feedback, the user can be enabled or disabled for subsequent actions (e.g. upload credits to the loyalty account, view the total credit of the loyalty account on the receipt being issued, obtain a discount, receive a gift, etc. ).

According to one aspect of the invention, the 267 certified barcode can only be shown correctly by the mobile device registered in the system 200, eg. the same mobile device 260 from which the registration request 271 was originated. Upon a request for certified access by a mobile device 260, the mobile device 260 reads the information received with the registration message 276, e.g. the ID-file 268, decrypting its contents using the unique hardware identifier 262. For example, when asked to show or otherwise provide the certified barcode 267, the mobile device 260 uses its own IMEI code 262 (or the ICCID / MSISDN of the SIM, or both) to decrypt the ID-file 268. Further checks can be performed on the ICCID / MSISDN of the SIM card operating in the mobile device, if present. Then the mobile device 260 shows on its screen, or in any case makes available, for the acquisition by the barcode reader 225b of the terminal 220b the certified barcode 267. To further increase security, the barcode is provided outgoing, eg. shown on the screen of the mobile device 260, for a limited time only, e.g. in an interval between 3s and 30s, or in an interval between 5s and 20s, for example 10s.

In some embodiments, access to the unique hardware identifier and the decryption of the ID-file to obtain the 267 certified barcode are performed at each access request. If a pseudo-random variable code was used to generate the specific barcode 266 (see the description of Figure 4 below, more specifically step 440), a temporary code can be generated at each access request, possibly conditional on the 'entering a password; the information corresponding to the temporary code can be included in the certified barcode 267 shown as displayed by the mobile device 260, thus ensuring an even higher level of security against fraud. In other embodiments, the information received with the registration message 276 is decrypted once and the specific barcode 266 is stored in the mobile device 260 in unencrypted form. In yet another embodiment, the specific barcode 266 of the device is transmitted in the ID-file 268 in unencrypted form in the registration confirmation message. If the specific barcode 266 is stored in the mobile device 260 in unencrypted form, a check can still be made to ensure that the unique hardware identifier 262 matches the corresponding information received with the file-ID before showing the code to bars certificate 267.

Figure 3 shows a simplified flowchart of a method 300 for acknowledging a request for access to a system, e.g. the loyalty system 200, and granting certified access to a specific hardware, according to some embodiments of the invention. Typically the method 300 will follow the registration of the hardware, that is of the mobile device, in the system, which will be discussed with reference to Figure 4. The method 300 starts at step 310 with the receipt of a request for access of a device to the loyalty system , e.g. an access request from a mobile device 260 as described with reference to Figure 2. At step 320 a barcode is acquired by a barcode reader (for example from the barcode reader 225b of the loyalty system 200 ); the bar code read in step 320 can indifferently be a bar code 236 printed on a loyalty card 230 (as in a conventional access request) or a certified bar code 267 made available, for example shown, by a mobile device 260 as described above (note that the bar code 267 can be shown by the mobile device 260 only if the mobile device has a unique hardware identifier 262 which allows the decryption of the identification data). At step 330 identification data (included in the bar code 236 or 267) are transferred from the terminal 220b to the central unit, 210 in Figure 2, via the system network 240, according to one embodiment. At step 340 the identification data are compared with data stored in the database 215, for example to find a correspondence between the identification number of the user received (in the received bar code 236 or 267) and an identification number or a bar code of a registered user. At step 350 a decision is made based on the result of the comparison made at step 340: if no match is found, e.g. the identification information received does not match that of any registered user, access will not be granted and, in step 360, a negative feedback is sent to terminal 220b and the method ends in step 380; if, on the contrary, a match is found, e.g. the identification information received corresponds to that of one of the registered users (in record 290), certified access will be granted and associated with the corresponding registered user so that, in step 370, a positive response is sent to the 220b terminal. The method finally ends at step 380. Depending on the positive or negative response, subsequent actions may or may not be undertaken and / or services provided (not shown in Figure 3) following the access request.

Figure 4 shows a simplified flowchart of a method 400 to register a mobile device for access to a system, eg. the loyalty system 200, according to some embodiments of the invention. Method 400 begins at step 410. At step 415 a registration request is received from a mobile device. The registration request received in step 415 contains identification data of a user profile (if the registration request is a request for registration of the mobile device to be associated with an existing user profile) or user data (if the registration request is a request for registration of a new user directly submitted via the mobile device); in any case, the registration request contains identification data of the mobile device.

For example, the registration request 271 by an unregistered mobile device 260 can be received to be associated with an existing user profile; in this case it may contain information relating to the user profile to which the registration must be associated (for example the user's identification number and additional information relating to the user for verification purposes) in addition to identification information of the mobile device 260 (for example a unique hardware identifier 262, such as an IMEI code and / or an ICCID / MSISDN), as described with reference to Figure 2. Figure 6b shows in further detail the content of the information (671) in such a registration request.

In another example, the registration request may be a new user registration request; in this case it may contain user data necessary for identification, such as personal data, address, social security number, an image (eg. a photograph), etc. Figure 6a describes in further detail the content of the registration information (606) to complete user identification. Also in this case the identification information of the mobile device 260 is received (for example a unique hardware identifier 262, such as an IMEI code and / or an ICCID / MSISDN), as described with reference to Figure 2. At step 420 a comparison is performed for any correspondence between the information received and existing data stored in the database (record 290); for example by comparing the user identification number or the barcode 236 of the issued card 230 and the additional information of the user profile, eg. personal information, passwords, etc. At step 425 a decision is made which depends on a result of the comparison at step 420; if the comparison is negative, eg. there is no correspondence between the information received and the information in the database, ie no corresponding record is found in the database, a determination is made in step 426 whether the registration request is or is not a registration request for a new user. If it is not, the received data is removed (in step 430) and an error message is sent to the mobile device (in step 435), for example an SMS or email message 275, stating that the registration (a notification message can also be sent to the user associated with the user profile for which the registration request was rejected - not shown); after which the method ends at step 480. If the determination at step 426 is that the registration request is a request to register a new user, method 400 continues at step 440 (see below). Even if the comparison resulting from the decision taken in step 425 is positive, e.g. a correspondence is found between the information received and data existing in the database, the method 400 continues to step 440, where a device-specific barcode is generated. Optionally, a pseudo-random variable code can be used to increase the security and strength of the method against hackers, so that the specific barcode is only available on a temporary code-controlled basis. In step 450 the identification code just generated, e.g. the device-specific barcode 266 is added to the user profile in the database (record 290); in the event of a request for registration of a new user (step 426) the record 290 is created, storing the identification information and the information relating to the specific barcode. While the new identification code is stored in the database, the additional identification information of the mobile device can also be stored and associated with the user profile in the database, for example the unique hardware identifier 262, or the IMEI code and / or the ICCID / MSISDN of the SIM. At step 460 the new identification code is sent to the mobile device which requested the registration, for example to the mobile device 260; the information containing the new identification code and the unique hardware identifier of the mobile device can be sent as a file, which can be referred to as a file-ID, attachment or in an SMS or e-mail message, such as message 276, or in any other way. Conveniently, the ID-file can be sent in encrypted form. According to one embodiment, the encryption password is the unique hardware identifier of the mobile device, eg. the IMEI code and / or the ICCID / MSISDN of the SIM. An activation code, e.g. a PIN activation code can also be optionally sent to the mobile device (step 461) for increased security activation. If a PIN activation code was sent to the mobile device (step 461), registration is activated (in step 462) upon receipt of an activation request from the mobile device (which can be received later - not shown), the activation request including the PIN activation code. Steps 461 and 462 can be omitted or simply include the activation request without the additional security of the activation PIN code. At step 465, a check is optionally performed whether an address of the owner user is available (such as an e-mail address or a telephone number capable of receiving a notification, or similar). If there is no delivery available, the method ends at step 480. If an address is available, at step 470 a notification is sent to the owner associated with the user profile for which the registration was accepted; for increased security, it is also possible to send the user an activation password to finalize the registration (not shown). The method ends at step 480.

Figure 5 shows a simplified flow chart of a method 500 to show an access code to access a loyalty system according to some embodiments of the invention.

The method 500 comprises the functionality of a request for certified access by a mobile device, represented by branch 501 in Figure 5, or for registration to the loyalty system of the mobile device itself, represented by branch 502 in Figure 5; Typically, registration to a given system occurs only once, while numerous and repeated accesses to the system can take place. As will become clear from the explanation below, the 500 method is designed to operate in close conjunction with the 300 and 400 methods described above; more precisely, at least in some embodiments, the method 500 describes the steps performed by a mobile device, such as the mobile device 260, to register 502 (see method 400) and to request 501 certified access (see method 300 ) to a system, such as the loyalty system 200, for example. In some embodiments, the method 500 can be performed on the mobile device 260 after being downloaded, e.g. from the system network 240 or from the internet.

At step 505 the method begins. In step 510, identification information stored in a memory in or coupled to the mobile device is sought (in this context, a memory coupled to the mobile device, such as an expansion memory, for example an SD card or the like, can be considered as a memory in the mobile device for all purposes); this information, if present, can be in a file which can be referred to as the ID-file (in fact the ID-file 268 is typically the same ID-file sent by the central unit 210 at step 460 of method 400) . The identification information is based, at least in part, on information, such as the device-specific barcode 266, associated with the user profile to which the mobile device is associated, and on a unique hardware identifier 262 of the registered mobile device, e.g. its IMEI or ICCID / MSISDN code of the SIM. In one embodiment, the ID-file including the identification information is included in the registration message 276 sent by the central unit 210 to the mobile device 260, eg. via SMS or e-mail, and may contain the specific barcode 266, as described with reference to Figure 4 and in particular to step 460. To further increase security, the identifying information, eg. the specific barcode 266, can be in encrypted form, for example using a unique hardware identifier of the mobile device (eg. the IMEI code and / or the ICCID / MSISDN of the SIM) as an encryption password.

In step 515 a decision is made based on the result of the search for ID-file 268. If the ID-file is found in step 510, you are requesting certified access to the loyalty system; correspondingly, method 500 jumps to branch 501, and in particular to steps 516, 517, 580 and 590, to retrieve the identification information, verify that they correspond to the unique hardware identifier and, if necessary, show them or otherwise make them available. If, on the contrary, the ID-file is not present or has no identifying information, the 500 method jumps to branch 502, eg. in step 520, to proceed with the registration of the mobile device. The two branches (i.e. 501 certified access and 502 registration request) are described below in detail.

If the ID-file 268 is found, method 500 continues from step 515 to step 516, where the ID-file is selected and an attempt is made to access step 517 to retrieve the identification information, eg. the specific barcode 266 associated with the registered mobile device 260. According to a preferred embodiment, the ID-file 268 is an encrypted file using the IMEI code 262 of the mobile device 260 that had requested the registration; according to this embodiment, at step 517 the ID-file 268 is decrypted using the IMEI code 262 of the mobile device 260 (the IMEI code is read by the mobile device using the available instructions). Similarly, the same can be done for the ICCID and / or the MSISDN of the SIM card, if they have been used to encrypt the ID-file, possibly in conjunction with the IMEI. As you will have understood, you can access the ID-file 268 only if the unique hardware identifier of the mobile device 260, eg. the IMEI code 262, is the same unique hardware identifier sent with the registration request (see steps 540 and 529 below). According to a different, less secure embodiment, the ID-file 268 includes both identifying information, eg. the specific barcode 266, which the unique hardware identifier, eg. the IMEI code 262, either unencrypted or encrypted with a password other than the unique hardware identifier 262.

At step 580, a decision is made based, at least in part, on a match or mismatch between the identifying information and the unique hardware identifier; if a match is determined, the identifying information, e.g. the device specific barcode 266, are shown in the form of certified identification information 267 on the screen of the mobile device 260 (step 590), while, if a mismatch is determined, an error message is shown (step 585), such as further detailed below. To make the determination there are several possibilities; according to an embodiment, a unique hardware identifier, e.g. the IMEI 262 code of the mobile device 260 and / or an ICCID / MSISDN, can be used as a password to decrypt the ID-file in step 517; if the ID-file can be correctly decrypted, a correspondence and identification information is determined, eg. the specific barcode 266, can be read from the ID-file 268; if, on the other hand, the IMEI code 262 of the mobile device 260 is not the correct password to decrypt the ID-file 268, a mismatch is determined.

Additional conditions (not shown) may be imposed for a match to be established; for example, you can check the ICCID / MSISDN of a SIM card operating in the mobile device, if present (in this case the corresponding information is present in the ID-file 268).

As anticipated above, if a match is determined, eg. it is determined that the mobile device 260 is the same mobile device that had requested and obtained the registration to the system, in step 590 the identification number or code is output from the mobile device 260. In one embodiment, the mobile device renders available and / or shows a barcode, e.g. the certified barcode 267, corresponding to the identifying information, and the method ends at step 595. The barcode shown can be one of several known barcode varieties, for example it can be a 1D barcode, a 2D bars or a 3D barcode, including alpha-numeric codes, QR codes, color QR codes, or other types of barcodes; the barcode is shown, or otherwise made available, in a format acceptable by, i.e. compatible with, a barcode reader 225a, 225b, 225c, etc., of the system 200. In some embodiments, the code a certified bar 267 is a 2D barcode and contains more information than the barcode 236 printed on the loyalty card 230, which is typically a 1D barcode; for example, the certified barcode 267 can be a 2D barcode, while the barcode 236 printed on the loyalty card 230 can be a 1D barcode with 14 digits, although the invention is not so limited. If a pseudo-random variable code was used (see above step 440 of method 400), accessing the ID-file 268 can activate a temporary code and the bar code shown 267 can contain information about the temporary code , thus giving a further improved security in addition to the verification on the hardware of the mobile device.

If, on the other hand, the identifying information does not correspond to the unique hardware identifier (step 580), an error message is shown at step 585 (for example "user or device not registered") and the method proceeds with the registration at step 520 (as illustrated in figure 5, alternatively it can terminate at step 595 - not shown).

Returning to the decision referred to in step 515, if in step 515 a determination was made that the ID-file is not present, or lacks identifying information, method 500 jumps to branch 502, eg. in step 520, to start a procedure for registering the mobile device. Step 520 asks if a registration of the mobile device is desired. If not, at step 525 a message is shown (for example "device not registered") and the method ends at step 595. If registration is desired, at step 528 a determination is made whether the registration request is a request for registration of a new user (exit YES from 528) or less (exit NO from 528), in which case the registration request is a registration request for the mobile device to be associated with an already registered user; the determination can be made in any appropriate way, for example based on an answer prompted by a question. If the registration request is a registration request for a mobile device, eg. of the mobile device 260, to be associated with an already registered user (NO exit from step 528), in step 530 the user bar code printed on the loyalty card issued is inserted. According to an embodiment, the barcode 236 printed on the issued card 230 can be read by the mobile device 260, e.g. acquiring an image of the code with a camera and analyzing it to extract the corresponding digital information; alternatively, the bar code can be received at the input of a keyboard of the mobile device 260 or by any other means. At step 540 additional data relating to the registered user are provided in input and a unique hardware identifier acquired; examples of such additional data relating to the user include at least one of the user's personal data, address data, user password, an image (eg. a photograph), etc. (as already discussed with reference to the description in figure 2 above, the additional data relating to the user, or user information, can be used to verify that the request for registration of the mobile device is a legitimate request, see also the relative description a 671 in figure 6). The method continues at step 550 with the sending of the registration request to central unit 210, as described below.

Returning now to the determination referred to in step 528, if the registration request is a registration request of a new user (YES output from step 528), at step 529 information and user identification data are received and an identifier is acquired. unique hardware of the mobile device. User information data may include personal data (name, surname, etc.), address, home / mobile phone number, e-mail address, social security number, an image (e.g. a photograph), and any other data possibly necessary to finalize the registration to the system; these data typically correspond to the data 206 provided to a conventional registration request (see description of 606 in Figure 6). A unique hardware identifier can be an IMEI 262 code and / or an ICCID / MSISDN of the SIM of the 260 mobile device; this information can be retrieved from the corresponding memory location of the hardware device. In some embodiments, a digital signature may also be input to sign the new user's registration request via the mobile device 260. After all the necessary data has been entered in step 529, the method continues to step 550 with the '' sending the registration request to the central unit 210.

At step 550 a request 271 for registration of a mobile device is sent to the central unit 210 of the loyalty system 200, for example by SMS or e-mail message, or by other means. At step 555 you enter a waiting ring and a message is shown (for example "wait") at step 560 until you receive a reply from the central unit of the system. When received, the acknowledgment includes an identification file, e.g. file ID 268, with an identification code, and eg. the device specific barcode 266; the acknowledgment may also include an activation code to be used to request registration activation (see below) and, optionally, information relating to a temporary code activated by a pseudo-random variable code for use in access requests, as described above. At step 565 a validity check of the received identification code is performed (eg if it has the correct number of digits or characters, if it meets certain minimum structural and content criteria, etc.). If the result of the verification is negative, i.e. the received identification code is invalid (e.g. the received file-ID cannot be decrypted, or the acknowledgment includes an error message), in step 570 it is deleted and a message (for example “invalid data”) and the method continues to step 520 with a new registration attempt. If the verification is positive, i.e. the received identification code is valid, at step 575 the ID-file 268 is stored in a memory in or coupled to the mobile device (in this context, a memory coupled to the mobile device, such as a memory expansion, for example an SD card or similar, can be considered as a memory of the device in all respects) for use at a request for access to the system. The method can optionally continue to step 576 by sending a confirmation message, e.g. an SMS or an e-mail message to the central unit 210 to confirm that the procedure has been completed successfully; the confirmation message may include an activation request and the corresponding registration activation code (more precisely the same activation PIN code received in step 461) to initiate the activation of mobile device registration 260. A "registration completed" message can be shown at step 577. The method ends at step 595 as shown in FIG. 5 or (not shown) method 500 can continue at steps 580 and 590 with device specific access to system 200.

Figure 6 shows some examples of the information used, sent or received by the mobile device and / or by the central unit. Depending on the information, it can refer to method 300, method 400, method 500, or their combinations. It is understood that the type and quantity of data, as well as their organization are only non-exhaustive examples.

Figure 6a shows registration information 606 received at a user's registration request, for example information 206 received from central unit 210. Registration information 606 includes personal information, such as first and last name 606a, date of birth, social security number 606b, identity card number 606c, address 606d, home and / or mobile phone number (s) 606e, email address 606f, image 606g, etc., among other information. During a certified registration request via a mobile device, such as eg. in steps 528 and 529 of method 500, information relating to a unique hardware identifier 262 (IMEI and / or ICCID / MSISDN) is automatically added to registration information 606. Not all fields of information 606 described are required.

Figure 606b shows information 671 sent by the mobile device, e.g. the mobile device 260, and received by a central unit, eg. the central unit 210, to a request for registration of the mobile device, for example the registration request 271. The information 671 includes identification information 636, eg. the bar code 236 printed on the issued card 230 corresponding to a user profile for which registration is being requested. Information 671 also includes additional verification information 640 (e.g., that entered in step 540), which may include some of the information 606 received upon a registration request. In some embodiments, the additional verification information 640 may include the user's personal data 606a and / or his address 606d or telephone number 606e and / or e-mail 606f, etc. The 640 additional verification information is used to determine whether the registration request is a legitimate request or not (on the assumption that only trusted access to such information is possible). Information 671 also includes a unique hardware identifier 662, e.g. the IMEI code 262 and / or the ICCID / MSISDN of a SIM of the mobile device 260. Other information not described here may also be included.

Figure 6c shows information 668 included in an identification file, e.g. the ID-file 268 sent by the central unit 210, received by the mobile device 260 and stored in its memory. The information 668 includes a specific barcode 666, corresponding to the device specific barcode 266. The 668 information also includes a unique hardware identifier 662, such as the IMEI and / or the ICCID / MSISDN 262 of the mobile device 260. Other information that is not described here may be included in the ID-file. According to an embodiment, the specific barcode 666 can be encrypted using the unique hardware identifier 662 as a password, eg. the entire ID-file (and therefore the specific barcode 666) are encrypted and password protected by means of the IMEI code 262 of the mobile device 260. The encryption is performed by the central unit 210 (step 460 of method 400), while decryption is performed by the mobile device 260, using the corresponding information available only on the device itself (step 517 of method 500).

Figure 6d shows an example of a record 690 associated with a user profile and stored in the database 215 of the system 200. The record 690 comprises registration information 606 relating to a user, typically received at a user registration request; such information may include the 606 registration information described above and other information collected and / or updated after the original registration request. Record 690 also includes barcode 236 printed on issued card 230, if present. Record 690 also includes information 668 as described above, e.g. the IMEI262 and / or the ICCID / MSISDN of a SIM of the registered mobile device 260, the specific barcode 266, if present, etc. The 690 record may further include other information, for example credit, a password, etc.

The above description has been set out in an illustrative and non-restrictive way. The combination of embodiments, and other embodiments not specifically described here will be evident to those skilled in the art by reading the above description. In particular, some steps can be omitted and / or additional steps can be implemented in the methods as described; in addition, the exact order of execution can be varied.

Claims (11)

CLAIMS 1. A method of granting certified access to a system, comprising: to. Storing a record (690) associated with a user profile in a database (215), b. Receiving (415) a registration request from a mobile device (260) characterized in that the registration request comprises a unique hardware identifier (262; 662) of the mobile device (260) and data associated with the user profile, and the method further comprises: c. Generate (440) a specific identification code (666) associated with the user profile, d. Send (460) the specific identification code (666) to the mobile device (260), And. Receive (310) a certificate access request from the mobile device (260), f. Grant (370) certified access if a certified identification code (267) corresponds to the specific identification code (666). The method of claim 1 wherein the certified identification code (267) comprises a bar code (267). The method of claim 1 in which to send (460) the specific identification code (666) comprises sending an identification file (ID-file; 668) which includes the specific identification code (666), the identification file (ID-file; 668) encrypted with the unique hardware identifier (262; 662). 4. The method of claim 1 in which the registration request is one of a request for registration of the mobile device to be associated with the user profile of a registered user and a request for registration of a new user, in which to. If the registration request is the registration request of the mobile device to be associated with the user profile of a registered user the method further comprises verifying (420) a correspondence between the additional verification information (640) received and corresponding data in the record (690), And b. If the registration request is a new customer registration request, the method further involves creating the record (690). 5. Method for certified access to a system (200) by a mobile device (260) comprising: to. Search (510) for an identification file (ID-file, 268) stored in a mobile device memory (260), characterized by the fact that b. If (515) the identification file (ID-file, 268) is present in the memory, the method further includes: bi. Verify (580) a match between identifying information (266) contained in the identification file (ID-file, 268) and a unique hardware identifier (262) of the mobile device (260), and b.ii. Make (590) certified identifying information (267) available only if the verifier (580) determines that the match is present. The method of claim 5 in which to verify (580) the match comprises decrypting the identification file (ID-file, 268) with the unique hardware identifier (262) of the mobile device (260) to retrieve (516, 517) the identifying information (266). 7. The method of claim 5 further comprising: c. If (515) the identification file (ID-file, 268) is not present in the memory, there. Send (550) a registration request including a unique hardware identifier (262) of the mobile device (260). The method of claim 7 wherein the registration request is one of a new user registration request and a mobile device registration request to be associated with a registered user, the method further comprises: d. If the registration request is the new user's registration request: from. Send (550) registration information (606) by sending the registration request; And. If the registration request is the registration request for the mobile device to be associated with the registered user: e.i. Acquire (530) a barcode (236) from a card (230), e e.ii. Send the acquired barcode (236) and additional verification information (640) by sending the registration request (550). The method of claim 5 wherein the unique hardware identifier (262) comprises one or more of an International Mobile Equipment Identity (IMEI, 262) of the mobile device (260), an Integrated Circuit Card ID (ICCID, 262) and a Mobile Station ISDN (MSISDN, 262) of a Subscriber Identity Module (SIM) coupled to the mobile device (260). 10. A system (200) comprising: to. A central unit (210) coupled to a database (215) to store a record (690) of a user profile, b. A terminal (220a, 220b, 220c) communicatively coupled to the central unit (210), the terminal capable of acquiring identification information (236, 267), characterized by the fact that c. The central unit (210) is configured for there. Receiving a registration request (271) from a mobile device (260), the registration request comprising a unique hardware identifier (262; 662) of the mobile device (260), c.ii. Generate a specific identification code (666), c.iii. Send the specific identification code (666) to the mobile device (260), c.iv. Store the specific identification code (666) and / or the unique hardware identifier (262; 662) in the record (690), c.v. Compare the identification information (236; 267) acquired by the terminal (220a, 220b, 220c) with the specific identification code (666) stored in the record (690), and c.vi. Grant certified access to the system if the acquired identification information (236, 267) matches the specific identification code (666). 11. The system of claim 10 in which the central unit (210) is further configured to send the specific identification code (666) in an identification file (ID-file, 268) encrypted with the unique hardware identifier (662).