MXPA00006175A - Secure messaging system overlay for a selective call signaling system - Google Patents

Secure messaging system overlay for a selective call signaling system

Info

Publication number
MXPA00006175A
Authority
MX
Mexico
Prior art keywords
secure
message
financial
financial transaction
messaging system
Application number
MXPA/A/2000/006175A
Other languages
Spanish (es)
Inventor
Walter Lee Davis
Jeff Lavell
Original Assignee
Motorola Inc
Application filed by Motorola Inc

Abstract

A secure messaging system (900) generates a secure financial transaction message. A wireless selective call signaling system controller (102) receives the secure financial transaction message as a selective call message request including a destination identifier. A selective call message processor (1104) encapsulates the secure financial transaction message in a selective call message that includes a selective call address corresponding with the destination identifier. A selective call transmission service (904) conveys the selective call message to a financial messaging unit (906) that receives the selective call message, and in response to correlating the selective call address with a selective call address corresponding with the financial messaging unit (906), recovers the secure financial transaction message to effect a financial transaction.

Description

PROGRAMMING OF A SECURE MESSAGING SYSTEM FOR A SELECTIVE CALL SIGNALING SYSTEM
FIELD OF THE INVENTION
This invention relates in general to selective call signaling systems and, more particularly, to a selective call signaling system that facilitates securing financial transactions in a wireless network.
BACKGROUND OF THE INVENTION
In conventional selective call signaling systems, a user or originator can send a message to a subscriber unit (e.g., a selective call receiver). The message comprises an address associated with the subscriber unit and also comprises data. The data can take one or more forms, for example numeric digits representing a telephone number, alphanumeric characters representing a readable text message, or possibly a multimedia message comprising audio information and graphic information. Typically, this form of messaging was sufficient to carry information between individuals or services relating to their business, special interests, whereabouts, general time or important appointments at a certain time.
P1347 / OOMX
However, due to the growing need of society to have information while a person is on the move, a solution must be found that allows an individual to carry out personal or commercial transactions and to be kept informed of personal events, contacts and business information. Considering conventional wireless systems that include both cellular and radiolocation applications, there are significant problems that must be resolved before reliable and private commercial or personal transactions can be implemented. Due to advances in the engineering sciences, particularly in the areas of wireless communications and computer science, it has become relatively easy for a "hacker" to monitor both the address and the data broadcast to the selective call receiver. This unwanted monitoring or intrusion is a problem for potential users of wireless communication systems, since their personal data may be exposed to unauthorized individuals, which creates an unnecessary risk for both parties if confidential information is disseminated.
In addition, if the information contains clear text data representing a personal address, serial number, Personal Identification Number (PIN), or the like, an unscrupulous individual who monitors the data stream can access an individual's personal accounts or can hack the address to clone an unauthorized communication device. Theft of service or of confidential information in this way is probably the most daunting issue facing manufacturers of communication equipment and service providers today and in the future. The interest in securing the data contained in broadcasts is especially critical in the area of electronic financial transactions. Exposing the clear text data contained in a financial transaction to capture invites, and will surely result in, theft of funds or fraud against an individual. Therefore, what is required is a wireless messaging system that allows an originator to communicate a secure message between a subscriber unit and the originator, and to authenticate the secure message without exposing the content or meaning of the message.
SUMMARY OF THE INVENTION
In summary, according to the invention, there is provided a method and apparatus for sending data comprising secure financial transactions over existing radiolocation-type infrastructure equipment, using radiolocation protocols such as FLEX® (a registered trademark of Motorola, Inc.), POCSAG (Post Office Code Standardization Advisory Group), or similar.
A first aspect of the invention involves the design of hardware that implements a method for programming secure messaging in an existing radiolocation infrastructure. The existing radiolocation infrastructure comprises a radiolocation terminal that includes a radiolocation encoder for processing the received messages and their corresponding destination requests. The radiolocation terminal generates a queue of selective call messages comprising the received messages and their corresponding selective call addresses, as determined from the corresponding destination requests. The distribution of the selective call messages in the message queue is handled by the radiolocation terminal, which dispatches the messages to at least one base station (e.g., transmitter, antenna and receiver) for communication between the base station and the subscriber or radiolocation units.
A second aspect of the invention involves the inclusion of a cryptographic engine in the radiolocation terminal to selectively encrypt, decrypt, sign and verify the authenticity of the messages received from both an originator and the subscriber or radiolocation unit.
A third aspect of the invention involves a subscriber unit or radiolocator equipped with a special security module that can process cryptographic information contained in the selective call messages to verify its authenticity, extract the encrypted data and return encrypted responses or acknowledgments, as necessary, to authenticate and confirm receipt of the secure message.
A fourth aspect of the invention involves a subscriber unit or radiolocator that is equipped with a primary apparatus and possibly a secondary apparatus for communicating both incoming and outgoing messages. The primary apparatus comprises a conventional radio frequency receiver and, optionally, a conventional radio frequency transmitter. The secondary apparatus comprises an optical apparatus and, optionally, an optical transmitter. Alternatively, the secondary apparatus may further comprise one or more acoustic transducers or other electromagnetic transducers and associated circuitry that implement a unidirectional or bidirectional communication link between the subscriber unit or radiolocator and the originator.
A fifth aspect of the invention involves a subscriber or pager unit that includes a single default account identifier corresponding to at least one of the following: funds storage card or electronic cash card, debit card, credit card or bank account.
A sixth aspect of the invention refers to a subscriber or pager unit that includes multiple predetermined account identifiers corresponding to at least two of the following: electronic funds or cash storage cards, debit cards, credit cards or bank accounts.
A seventh aspect of the invention relates to a cryptographic engine in the radiolocation terminal and the security module in the subscriber unit or radiolocator being adapted to accommodate a plurality of cryptographic procedures. These cryptographic procedures comprise both public and private key systems, as appropriate. One of these private key systems is the Data Encryption Standard (DES), which uses the ANSI X3.92 DES algorithm in CBC mode. Similarly, a first public key system is RSA (invented by Rivest, Shamir and Adleman), a cryptographic procedure based on sub-exponential one-way functions implemented using integer multiplication and exponentiation modulo n.
A second public key system uses elliptic curve technology, a cryptographic procedure based on exponential and highly nonlinear one-way functions implemented over finite fields.
An eighth aspect of the invention involves the initiation of a wireless transaction from a subscriber unit or radiolocator, the wireless transaction being related to at least one of the following: electronic card for storage of funds or cash, debit card, credit card or bank account.
A ninth aspect of the invention involves a personal identification number selected by the user that is programmed into the subscriber unit or pager to protect the financial accounts or the funds loaded in the subscriber unit or the pager.
A tenth aspect of the invention relates to a personal identification number selected by the user that is programmed into the smart card by the subscriber unit or the pager, thus disabling access to any feature of the protected smart card unless it is subsequently accessed or reprogrammed by the subscriber unit or pager.
A thirteenth aspect of the invention involves the authentication of an authorized subscriber unit or radiolocator as a communication agent for the wireless financial transaction, and selectively prohibiting any financial transaction directed to accounts belonging to or controlled by the authorized subscriber unit or pager when an incoming or outgoing financial transaction is communicated between an issuer and an unauthorized subscriber unit or radiolocator and, in the alternative, preventing credit transactions or transfers of funds that exceed a predetermined limit established by the authorized user or by a regulator, for example the bank, the issuer of the credit card or the like.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 is an electrical block diagram of a data transmission system that is used according to the preferred embodiment of the present invention.
Figure 2 is an electrical block diagram of a terminal for processing and transmitting message information according to the preferred embodiment of the present invention.
Figures 3 to 5 are timing diagrams illustrating the transmission format of the signaling protocol used in accordance with the preferred embodiment of the present invention.
Figures 6 and 7 are timing diagrams illustrating synchronization signals used in accordance with the preferred embodiment of the present invention.
Figure 8 is an electrical block diagram of a financial messaging unit according to the preferred embodiment of the present invention.
Figure 9 is a diagram of a secure messaging system in accordance with the present invention.
Figure 10 is a high-level block diagram of a financial messaging unit according to the preferred embodiment of the present invention.
Figure 11 is a block diagram of message composition and encryption equipment that could be used on the premises of a financial institution to send secure electronic funds transfer authorizations to the financial messaging units through a radiolocation channel.
Figure 12 is a functional diagram of a wireless selective call signaling system controller that implements a combined unidirectional and bidirectional secure messaging system capable of signaling financial messaging units.
Figure 13 illustrates the different layers of a messaging system in a format similar to the Organization Standards International (OSI) stack diagram that is well known in the electronics industry.
Figure 14 is a flow chart illustrating the typical operation of a financial messaging unit according to the preferred embodiment of the present invention.
Figure 15 illustrates a typical sequence associated with the request and authorization of electronic funds transfer or debit of funds by and from a wireless financial messaging unit.
Figure 16 illustrates a typical sequence associated with the wireless transfer of funds or debit of funds by and from a wireless financial messaging unit in a secure communication system, both unidirectional and bidirectional.
DESCRIPTION OF A PREFERRED MODE
With reference to Figure 1, the electrical block diagram illustrates a data transmission system 100, for example a radiolocation system, which is used according to the preferred embodiment of the present invention. In the data transmission system 100, messages that originate either from a telephone, as in a system providing numeric data transmission, or from a message input device, for example an alphanumeric data terminal, are routed through the public switched telephone network (PSTN) to a radiolocation terminal 102 that processes the numeric or alphanumeric message information for transmission by one or more transmitters 104 provided within the system. When a plurality of transmitters is used, the transmitters 104 preferably broadcast the message information simultaneously in two channels to the financial messaging units 106. The processing of the numeric and alphanumeric information by the radiolocation terminal 102 and the protocol used for the transmission of the messages are described below.
Referring to Figure 2, an electrical block diagram of the radiolocation terminal 102 used to process and control the transmission of message information according to the preferred embodiment of the present invention is illustrated. Short messages, for example tone-only messages and messages that can be easily entered using a Touch-Tone™ telephone, are coupled to the radiolocation terminal 102 through a telephone interface 202, in a manner well known in the art. Longer messages, for example alphanumeric messages that require the use of a data entry device, are coupled to the radiolocation terminal 102 through a modem 206 that uses any of the well-known modem transmission protocols. When a call is received to send a message, a controller 204 handles the processing of the message.
The controller 204 is preferably a microcomputer, for example an MC680x0 or equivalent, manufactured by Motorola Inc., which runs several preprogrammed routines to control terminal operations such as voice announcements that instruct the originator of the call on how to enter the message, or the handshaking protocol that enables the reception of messages from a data entry device. When a call is received, the controller 204 references the information stored in the subscriber database 208 to determine how the message being received will be processed. The subscriber database 208 includes information such as, but not limited to, the addresses assigned to the financial messaging unit, the message type associated with the address, and information related to the status of the financial messaging unit, for example an active state, or an inactive state when the bill has not been paid. A data entry terminal 240 is provided which is coupled with the controller 204 and which is used to enter, update and delete the information stored in the subscriber database 208, to monitor the performance of the system and to obtain information such as billing information. The subscriber database 208 also includes information regarding the transmission frame and the transmission phase assigned to the financial messaging unit, as will be described in more detail below. The received message is stored in an active location file 210 that stores the messages in queues according to the transmission phase assigned to the financial messaging unit. In the preferred embodiment of this invention, four phase queues are provided in the active location file 210. The active location file 210 is preferably a dual port, first in first out random access memory, although it will be appreciated that other random access memory devices, for example hard disk drives, may also be used.
Periodically, the message information stored in each of the phase queues is retrieved from the active location file 210 under the control of the controller 204, using timing information provided by a real time clock 214 or any other suitable timing source. The message information retrieved from each phase queue is sorted by frame number and then organized by address, message information and any other information required for transmission (all of which is referred to herein as information relating to the message), and is then grouped into frames based on the size of the message by the frame grouping controller 212. The grouped frame information for each phase queue is coupled to the frame message buffers 216, which temporarily store the grouped frame information until the time for further processing and transmission. The frames are grouped in numerical sequence, so that while a current frame is being transmitted, the next frame to be transmitted is in the frame message buffer 216, and the frame after that is being retrieved and grouped. At an appropriate time, the grouped frame information stored in the frame message buffer 216 is transferred to the frame encoder 218, once more retaining the phase queue relationship. The frame encoder 218 encodes the message and address information into the address and message code words required for transmission, as will be described below. The encoded address and message code words are ordered into blocks and then coupled to a block interleaver 220 that preferably interleaves eight code words at a time to form interleaved information blocks for transmission, in a manner well known in the art.
The interleaved code words contained in the interleaved information blocks produced by each block interleaver 220 are subsequently transferred serially to a phase multiplexer 221, which multiplexes the message information on a bit-by-bit basis into a serial data stream by transmission phase. The controller 204 subsequently enables a frame synchronization generator 222 that generates the synchronization code transmitted at the start of each frame transmission. The synchronization code is multiplexed with the address and message information under the control of the controller 204 via a serial data splicer 224, which generates from them a message stream that is suitably formatted for transmission.
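As an added illustration (not code from the patent), the sketch below follows the encoding chain just described: 21-bit fields become 32-bit code words (the 31,21 BCH word plus a thirty-second parity bit that the description specifies further on, taken here as even parity), eight code words are block-interleaved, and phases are multiplexed bit by bit. The generator polynomial (the one POCSAG uses for its 31,21 BCH code), the MSB-first bit order and the column-wise interleave order are assumptions; the page states none of them.

```python
# Added example, not code from the patent. Assumptions are marked below.
BCH_GEN = 0x769        # assumed generator: x^10+x^9+x^8+x^6+x^5+x^3+1
WORD_BITS = 32         # 31,21 BCH code word plus one parity bit
WORDS_PER_BLOCK = 8    # the block interleaver works on eight code words


def bch_remainder(poly31):
    """Remainder of a 31-bit polynomial modulo BCH_GEN (10 check bits)."""
    for shift in range(30, 9, -1):
        if poly31 & (1 << shift):
            poly31 ^= BCH_GEN << (shift - 10)
    return poly31


def encode_word(data21):
    """21 information bits -> 32-bit word (systematic BCH + even parity)."""
    if not 0 <= data21 < (1 << 21):
        raise ValueError("information field must fit in 21 bits")
    shifted = data21 << 10
    cw31 = shifted | bch_remainder(shifted)
    parity = bin(cw31).count("1") & 1      # makes the total bit count even
    return (cw31 << 1) | parity


def check_word(word32):
    """True when the BCH remainder is zero and the overall parity is even."""
    return bch_remainder(word32 >> 1) == 0 and bin(word32).count("1") % 2 == 0


def interleave(words):
    """Send bit 31 of each of the eight words, then bit 30 of each, ...
    (column-wise order is an assumption)."""
    if len(words) != WORDS_PER_BLOCK:
        raise ValueError("a block holds exactly eight code words")
    return [(w >> bit) & 1
            for bit in range(WORD_BITS - 1, -1, -1)
            for w in words]


def deinterleave(bits):
    """Inverse of interleave(): rebuild the eight 32-bit words."""
    if len(bits) != WORD_BITS * WORDS_PER_BLOCK:
        raise ValueError("an interleaved block is 256 bits long")
    words = [0] * WORDS_PER_BLOCK
    for i, bit in enumerate(bits):
        words[i % WORDS_PER_BLOCK] = (words[i % WORDS_PER_BLOCK] << 1) | bit
    return words


def multiplex_phases(phase_streams):
    """Bit-by-bit multiplex of equally long per-phase bit streams."""
    if len({len(s) for s in phase_streams}) != 1:
        raise ValueError("all phase streams must have the same length")
    return [bit for column in zip(*phase_streams) for bit in column]


def burst_damage(bits, start, length):
    """Constructed channel fault: invert `length` consecutive bits."""
    damaged = list(bits)
    for i in range(start, start + length):
        damaged[i] ^= 1
    return damaged


if __name__ == "__main__":
    # Constructed 21-bit fields, not real addresses or message data.
    block = [encode_word((0x1F3A5 * (i + 1)) & 0x1FFFFF) for i in range(8)]
    received = deinterleave(burst_damage(interleave(block), 43, 8))
    for sent, got in zip(block, received):
        print(f"{sent:08x} -> {got:08x} valid={check_word(got)}")
```

An eight-bit burst on the channel lands as a single bit error in each of the eight code words, which the per-word check flags; the layer gives error control only, and anyone who can receive the stream can deinterleave it without a key.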
The message stream is then coupled to a transmitter controller 226 which, under the control of the controller 204, transmits the message stream on a distribution channel 228. The distribution channel 228 can be any of the well-known types of distribution channel, for example a wired line, an RF or microwave distribution channel or a satellite distribution link. The distributed message stream is transferred to one or more transmitting stations 104, depending on the size of the communication system. The message stream is first transferred to a dual port buffer 230 which temporarily stores the message stream before transmission. At an appropriate time determined by the timing and control circuit 232, the message stream is retrieved from the dual port buffer 230 and coupled to the input of, preferably, a 4-level FSK modulator 234. The modulated message stream is subsequently coupled to transmitter 236 for transmission via antenna 238.
Referring to Figures 3, 4 and 5, the timing diagrams illustrate the transmission format of the signaling protocol used in accordance with the preferred embodiment of the present invention. The signaling protocol is commonly called the Motorola FLEX® selective call signaling protocol. As shown in Figure 3, the signaling protocol enables the transmission of messages to financial messaging units, for example radiolocators, assigned to one or more of the 128 frames that are labeled from frame 0 to frame 127. It will be appreciated that the actual number of frames provided within the signaling protocol may be greater or less than described above. The greater the number of frames used, the longer the battery life that can be provided to the financial messaging units operating within the system.
The smaller the number of frames used, the more often messages can be queued and delivered to the financial messaging units assigned to any particular frame, thus reducing the latency or time required to deliver the messages. As shown in Figure 4, the frames comprise a synchronization code word (sync) followed preferably by eleven blocks of message information (information blocks) that are labeled block 0 to block 10. As shown in Figure 5, each block of message information preferably comprises eight address, control or data code words that are labeled word 0 to word 7, for each phase. Consequently, each phase in a frame allows the transmission of up to eighty-eight address, control and data code words. The address, control and data code words preferably comprise two sets: a first set that relates to a vector field comprising a short address vector, a long address vector, a first message word and a null word, and a second set that relates to a message field comprising a message word and a null word. The address, control and data or message code words are preferably 31,21 BCH code words with an added thirty-second even parity bit that provides an additional bit of distance to the set of code words. It will be appreciated that other types of code words may be used, for example a 23,12 Golay code word. Unlike the well-known POCSAG signaling protocol, which provides address and data code words that use the first code word bit to define the type of code word, either address or data, no such distinction is provided for address and data code words in the FLEX® signaling protocol used with the preferred embodiment of the present invention. Instead, the address and data code words are defined by their position within the individual frames.
Figures 6 and 7 are timing diagrams illustrating the synchronization code used according to the preferred embodiment of the present invention.
In particular, as shown in Figure 6, the synchronization code preferably comprises three parts: a first synchronization code (sync 1), a frame information code word (frame info) and a second synchronization code word (sync 2). As shown in Figure 7, the first synchronization code word comprises first and third portions, labeled bit sync 1 and BS1, which are alternating 1,0 bit patterns that provide bit synchronization, and second and fourth portions, labeled "A" and its complement "Ā", which provide frame synchronization. The second and fourth portions are preferably single 32,21 BCH code words that are predefined to provide high code word correlation reliability and that are also used to indicate the data bit rate at which addresses and messages are transmitted. Table 1 defines the data bit rates that are used in conjunction with the signaling protocol.
Table 1
As shown in Table 1, three data bit rates are predefined for the transmission of addresses and messages, although it will be appreciated that a greater or lesser number of data bit rates may also be predefined, depending on the requirements of the system. The frame information code word is preferably a single 32,21 BCH code word that includes within the data portion a predetermined number of bits reserved to identify the frame number, for example 7 encoded bits to define frame number 0 to frame number 127. The structure of the second synchronization code is preferably similar to that of the first synchronization code described above. However, unlike the first synchronization code, which is preferably transmitted at a fixed data symbol rate, for example at 1600 bps (bits per second), the second synchronization code is transmitted at the data symbol rate at which the address and messages are to be transmitted in any specific frame. Accordingly, the second synchronization code allows the financial messaging unit to obtain "fine" bit and frame synchronization at the frame transmission data bit rate.
In summary, the signaling protocol used with the preferred embodiment of the present invention comprises 128 frames, each including a predetermined synchronization code followed by eleven blocks of information comprising eight address, control or message code words for each phase. The synchronization code enables identification of the data transmission rate and ensures synchronization by the financial messaging unit with the data code words transmitted at the various transmission rates.
Figure 8 is an electrical block diagram of the financial messaging unit 106 according to the preferred embodiment of the present invention.
The heart of the financial messaging unit 106 is a controller 816, which is preferably implemented using a low power MC68HC0x microcomputer, such as that manufactured by Motorola, Inc., or the like. The microcomputer controller, hereinafter referred to as controller 816, receives and processes inputs from various peripheral circuits, as shown in Figure 8, and controls the operation and interaction of the peripheral circuits using software subroutines. The use of a microcomputer controller for processing and control functions (e.g., as a function controller) is well known to those skilled in the art. The financial messaging unit 106 is capable of receiving address, control and message information, hereinafter referred to as "data", which is modulated using preferably 2-level and 4-level frequency modulation techniques. The transmitted data is intercepted by an antenna 802 which is coupled to the input of a receiving section 804. The receiving section 804 processes the received data in a manner well known in the art, providing at its output an analog 4-level recovered data signal, hereinafter called the recovered data signal. The recovered data signal is coupled to an input of a threshold level extraction circuit 808 and to an input of a 4-level decoder 810. The operation of the threshold level extraction circuit 808, the 4-level decoder 810, the symbol synchronizer 812, the 4-level to binary converter 814, the synchronization code word correlator 818 and the phase timing generator (data recovery timing circuit) 826 illustrated in the financial messaging unit of Figure 8 will be better understood by reference to U.S. Patent No. 5,282,205, entitled "Data Communication Terminal Provided Variable Length Message Dragging and Method for Same", granted to Kuznicki et al. and assigned to Motorola, Inc., whose content is incorporated herein by reference.
Referring again to Figure 8, the threshold level extraction circuit 808 comprises two synchronized level detector circuits (not shown) having the recovered data signal as inputs. Preferably, signal states of 17%, 50% and 83% are used to enable the decoding of the 4-level data signals presented to the threshold level extraction circuit 808. When power is initially applied to the receiving portion, as when the financial messaging unit is first turned on, a clock speed selector is preset through a control input (center sample) to select a 128X clock, that is, a clock with a frequency equivalent to 128 times the slowest data bit rate, which as previously described is 1600 bps. The 128X clock is generated by the 128X clock generator 844, as shown in Figure 8, which is preferably a crystal-controlled oscillator operating at 204.8 kHz (kilohertz). The output of the 128X clock generator 844 is coupled to an input of the frequency divider 846, which divides the output frequency by two to generate a 64X clock at 102.4 kHz. The 128X clock allows the level detectors to detect asynchronously, in a very short period of time, the peak and valley amplitude values of the signal, and therefore to generate the low (Lo), average (Avg) and high (Hi) threshold output signal values needed for modulation decoding. After symbol synchronization with the synchronization signal is achieved, as will be described below, the controller 816 generates a second control signal (center sample) to enable the selection of a 1X symbol clock that is generated by the symbol synchronizer 812, as shown in Figure 8. The 4-level decoder 810 preferably operates using three voltage comparators and a symbol decoder. The recovered data signal is coupled to an input of the three comparators, which have thresholds corresponding to the standardized signal states of 17%, 50% and 83%.
The resulting system effectively recovers the demodulated FSK information signal of 2 or 4 levels by coupling the recovered data signal with the second input of a comparator of 83%, the second input of a 50% comparator and the second input of a 17% comparator. The outputs of the three comparators corresponding to the values of the low (Lo), average (Avg) and high (Hi) threshold output signal are coupled to the inputs of a symbol decoder. The symbol decoder then decodes the inputs according to Table 2.
Table 2
As shown in Table 2, when the recovered data signal (RCin) is less than all three threshold values, the generated symbol is 00 (MSB = 0, LSB = 0). Subsequently, as each of the three threshold values is exceeded, a different symbol is generated, as shown in the table above.
The MSB output from the 4-level decoder 810 is coupled to an input of the symbol synchronizer 812 and provides a recovered data input generated by detecting the zero crossings in the 4-level recovered data signal. The positive level of the recovered data input represents the two positive deviation excursions of the analog 4-level recovered data signal above the average threshold output signal, and the negative level represents the two negative deviation excursions of the analog 4-level recovered data signal below the average threshold output signal. The symbol synchronizer 812 uses a 64X clock at 102.4 kHz, generated by the frequency divider 846, which is coupled to an input of a 32X speed selector (not shown). The 32X speed selector is preferably a divider that provides selective division by 1 or 2 to generate a sample clock that is thirty-two times the symbol transmission rate. A control signal (1600/3200) is coupled to a second input of the 32X speed selector and is used to select the sample clock rate for the symbol transmission rates of 1600 and 3200 symbols per second. The selected sample clock is coupled to an input of the 32X data sampler (not shown), which samples the recovered data signal (MSB) at thirty-two samples per symbol. The symbol samples are coupled to an input of a data edge detector (not shown) that generates an output pulse when a symbol edge is detected. The sample clock is also coupled to an input of a divide-by-16/32 circuit (not shown) which is used to generate 1X and 2X symbol clocks synchronized to the recovered data signal. The divide-by-16/32 circuit is preferably an up/down counter. When the data edge detector detects a symbol edge, a pulse is generated which is gated by an AND gate with the current count of the divide-by-16/32 circuit.
As a result, a pulse is generated by the data edge detector which is also coupled to an input of the divide-by-16/32 circuit. When the pulse coupled to the input of the AND gate arrives before the divide-by-16/32 circuit generates a count of thirty-two, the output generated by the AND gate causes the count of the divide-by-16/32 circuit to be advanced by one count, in response to the pulse that is coupled to the input of the divide-by-16/32 circuit from the data edge detector. When the pulse coupled to the input of the AND gate arrives after the divide-by-16/32 circuit generates a count of thirty-two, the output generated by the AND gate causes the count of the divide-by-16/32 circuit to be retarded by one count, in response to the pulse that is coupled to the input of the divide-by-16/32 circuit from the data edge detector, thus enabling the synchronization of the 1X and 2X symbol clocks with the recovered data signal. The generated symbol clock rates will be better understood from the following Table 3.
Table 3

As shown in the previous table, the 1X and 2X symbol clocks are generated at 1600, 3200 and 6400 bits per second and are synchronized with the recovered data signal. The 4-level to binary converter 814 couples the 1X symbol clock to a first clock input of a clock speed selector (not shown). The 2X symbol clock is coupled to a second clock input of the clock speed selector. The symbol output signals (MSB, LSB) are coupled to the inputs of an input data selector (not shown). A selector signal (2L/4L) is coupled to a selector input of the clock speed selector and to a selector input of the input data selector, and controls the conversion of the symbol output signals either as 2-level FSK data or as 4-level FSK data. When 2-level FSK data conversion (2L) is selected, only the MSB output, which is coupled to the input of a conventional parallel-to-serial converter (not shown), is selected. The 1X clock input is selected by the clock speed selector, which results in a single-bit binary data stream being generated at the output of the parallel-to-serial converter. When 4-level FSK data conversion (4L) is selected, both the LSB and MSB outputs, which are coupled to the inputs of the parallel-to-serial converter, are selected. The 2X clock input is selected by the clock speed selector, which results in a serial 2-bit binary data stream being generated at 2X the symbol rate and provided at the output of the parallel-to-serial converter.

Referring again to Figure 8, the serial binary data stream generated by the 4-level to binary converter 814 is coupled to the inputs of a synchronization code word correlator 818 and a demultiplexer 820. The predetermined "A" code word synchronization patterns are retrieved by the controller 816 from a code memory 822 and are coupled to an "A" code word correlator (not shown).
When the received synchronization pattern matches one of the predetermined "A" code word synchronization patterns within an acceptable margin of error, an "A" or "A" output is generated and coupled to the controller 816. The particular "A" or "A" code word synchronization pattern provides frame synchronization at the beginning of the frame ID code word and also defines the data bit rate of the message that follows it, as already described above. The serial binary data stream is also coupled to an input of the frame code word decoder (not shown) that decodes the frame code word and provides an indication of the frame number that is currently being received to the controller 816. During acquisition of synchronization, for example after the receiver is first turned on, power is supplied to the receiving portion by the battery saver circuit 848, shown in Figure 8, which enabled the reception of the "A" synchronization code word, as already described, and power continues to be supplied to enable the processing of the rest of the synchronization code. The controller 816 compares the frame number that is currently being received with a list of assigned frame numbers stored in the code memory 822. If the frame number currently received is different from an assigned frame number, the controller 816 generates a battery saving signal which is coupled to an input of the battery saver circuit 848, suspending the power supply to the receiving portion. The power supply remains suspended until the next frame assigned to the receiver, at which time a battery saving signal is generated by the controller 816 and coupled to the battery saver circuit 848 to enable the power supply to the receiver portion and thereby enable reception of the assigned frame.

A predetermined "C" code word synchronization pattern is retrieved by the controller 816 from the code memory 822 and coupled to a "C" code word correlator (not shown).
When the received synchronization pattern matches the predetermined "C" code word synchronization pattern within an acceptable margin of error, a "C" or "C" output is generated and coupled to the controller 816. The particular "C" or "C" synchronization code word provides "fine" frame synchronization to the start of the data portion of the frame. The start of the actual data portion is established by the controller 816, which generates a block start signal (Blk Start) that is coupled to the inputs of a code word de-interleaver 824 and a data recovery timing circuit 826. A control signal (2L/4L) is coupled to an input of the clock speed selector (not shown) that selects either the 1X or the 2X symbol clock input. The selected symbol clock is coupled to the input of a phase generator (not shown), which is preferably a clocked ring counter that is clocked to generate four phase output signals (Ø1-Ø4). The block start signal is also coupled to an input of the phase generator and is used to hold the ring counter at a predetermined phase until the actual decoding of the message information starts. When the block start signal releases the phase generator, it starts to generate clocked phase signals that are synchronized with the incoming message symbols. The clocked phase signal outputs are then coupled to the inputs of a phase selector 828. During operation, the controller 816 retrieves from the code memory 822 the transmission phase number to which the financial messaging unit is assigned. The phase number is transferred to the phase selection output (Ø Select) of the controller 816 and is coupled to an input of the phase selector 828. A phase clock, corresponding to the assigned transmission phase, is provided at the output of the phase selector 828 and is coupled to the clock inputs of the demultiplexer 820, the block de-interleaver 824, and the address and data decoders 830 and 832, respectively.
The demultiplexer 820 is used to select the binary bits associated with the assigned transmission phase, which are then coupled to the input of the block de-interleaver 824 and clocked into the de-interleaver array on each corresponding phase clock. In a first mode, the de-interleaver uses an 8 x 32 bit array that de-interleaves eight 32-bit address, control or message code words, which corresponds to one transmitted block of information. The de-interleaved address code words are coupled to the input of the address correlator 830. The controller 816 retrieves the address patterns assigned to the financial messaging unit and couples the patterns to a second input of the address correlator. When any of the de-interleaved address code words matches any of the address patterns assigned to the financial messaging unit within an acceptable margin of error (e.g., the number of bit errors that can be corrected in accordance with the selected code word structure), the message information and the corresponding information associated with the address (e.g., the information representing the broadcast and received selective call signaling message, which was previously defined as information related to the message) is then decoded by the data decoder 832 and stored in a message memory 850.

After detection of an address associated with the financial messaging unit, the message information is coupled to the input of the data decoder 832, which decodes the encoded message information, preferably into a BCD or ASCII format suitable for subsequent storage and display. Alternatively, the software-based signal processor may be replaced with a hardware equivalent signal processor that retrieves the address patterns assigned to the financial messaging unit, and the information related to the message.
Following, or prior to, the detection of an address associated with the financial messaging unit, the message information and the corresponding information associated with the address can be stored directly in the message memory 850. Operation in this manner allows later decoding of the actual message information, for example, encoded message information that is decoded into BCD, ASCII or a multimedia format suitable for subsequent presentation. However, when performing direct storage, the memory must be structured so as to allow efficient, high-speed placement of the message information and the corresponding information associated with the address. In addition, to facilitate the direct storage of message information and corresponding information associated with the address in the message memory 850, a code word identifier 852 examines the received code word to assign a type identifier to the code word in response to the code word belonging to one of a set comprising a vector field and a set comprising a message field. After determining the type identifier, a memory controller 854 operates to store the type identifier in a second memory region within the memory corresponding with the code word. The above memory structure and the operation of the de-interleaved information memory storage device comprising the message memory 850, the code word identifier 852 and the memory controller 854 are more fully set forth in the patents incorporated below.

After storage of the information related to the message, a sensible alert signal is generated by the controller 816. The sensible alert signal is preferably an audible alert signal, although it will be appreciated that other sensible alert signals, such as tactile alert signals and visual alert signals, may also be generated.
The audible alert signal is coupled by the controller 816 to an alert actuator 834 that is used to drive an audible alert device, for example, a microphone or a transducer 836. The user can override the generation of the alert signal through the use of user input controls 838, in a manner well known in the art. The stored message information may be recalled by the user using the user input controls 838, whereupon the controller 816 retrieves the message information from the memory and provides the message information to a display driver 840 for presentation on a screen 842, for example, an LCD screen.

In addition to the above description, the systems previously discussed with reference to Figures 1, 2, 7 and 8, and the protocol previously discussed with reference to Figures 3, 4 and 5, can be more fully understood in view of the following United States Patents: No. 5,168,493 entitled "Time Division Multiplexed Selective Call System", granted to Nelson et al.; No. 5,371,737 entitled "Selective Call Receiver for Receiving A Multiphase Multiplexed Signal", granted to Nelson et al.; No. 5,128,665 entitled "Selective Call Signaling System", granted to DeLuca et al.; and No. 5,325,088 entitled "Synchronous Selective Signaling System", granted to Willard et al., all of these patents being assigned to Motorola, Inc., and their content being incorporated herein by reference.

Referring to Figure 9, a diagram shows a secure messaging system 900 in accordance with the present invention. The paging terminal 102 or wireless selective call signaling system controller receives information comprising a selective call message request that includes a destination identifier and a secure financial transaction message. The information is typically coupled to the paging terminal 102 via a Public Switched Telephone Network (PSTN) 912 used to transport the information from a regulator 914, such as a bank, a credit card issuer or the like.
The PSTN 912 may be coupled to the paging terminal 102 and the regulator 914 using conventional telephone lines 910 or possibly a high speed digital network, depending on the information bandwidth required to communicate financial transactions between the regulator 914 and a plurality of financial messaging units 906. Once coupled to the paging terminal 102, the information is formatted as one or more selective call messages and transferred 922 to at least one radio frequency transmitter 904 for broadcast to at least one financial messaging unit 906 located in any of a number of communication zones 902. The financial messaging unit 906 may include an interface that couples encrypted or unencrypted information, such as the secure financial transaction message, to a conventional Smart Card 920 to carry out a financial transaction. Alternatively, the secure financial transaction message may be decoded and stored by the financial messaging unit 906 when the financial messaging unit 906 includes capabilities, for example cash load and reload and/or credit services, such as those found on a Smart Card 920.

The two-way capability is provided by the financial messaging unit 906 using a return path, either wired or wireless. By way of example, the secure financial transaction message is received by the financial messaging unit 906, which decodes and decrypts a content of the secure financial transaction message that can represent a cash value token, credit, or debit amount. This message content is then stored by the financial messaging unit 906 pending confirmation of receipt and a subsequent release of funds or credit authorization by the regulator. If the value of the financial transaction is high, the regulator will typically require an acknowledgment from the financial messaging unit 906 before funds based on the received token are activated, or after a credit or debit transaction is allowed.
However, if the financial transaction value is low, the regulator may not require an acknowledgment from the financial messaging unit 906 before funds based on the received token are activated, or after a credit or debit transaction is allowed. In the case of a low value transaction, the financial messaging unit 906 could be required only to reconcile its funds or credit capacity once a day or once a week.

The secure messaging system illustrated in Figure 9 allows the wireless return or origination of secure financial transaction messages using an inbound or reverse channel received by the distributed receiver sites 908. These sites are typically more dense than the outbound broadcast sites 904, since the transmitter power and antenna characteristics of the financial messaging unit 906 are significantly lower than those of a wide area transmitter site 904 and those of a dedicated radio frequency base station. In this way, the size and weight of a financial messaging unit 906 are kept to a minimum, producing a more ergonomic portable device with the added value of not requiring a physical connection to perform financial transactions such as bank withdrawals, deposits, credit card payments or purchases. Alternatively, the secure messaging system is adapted to accommodate lower power financial messaging unit 906 devices that may include additional means to implement the return or origination of secure financial transaction messages using an inbound or reverse channel that is accessed at a point of sale 916 or a bank 914.
In these cases, the lower power financial messaging unit 906 could include an infrared or laser optical port, a low power, proximate, magnetic inductive or electric capacitive port, or possibly an ultrasonic or audio band acoustic transducer port, all of which could couple signals between the lower power financial messaging unit 906 and a device such as a point-of-sale terminal, an ATM, or the like.

Some cryptographic methods are suitable for use with the present invention. The following definitions are useful for understanding the terminology associated with cryptography as it applies to wireline or wireless communications.

Certificate - Certificates are digital documents that attest to the binding of a public key to an individual or another entity. Certificates are issued by a Certification Authority (CA), which can be any trusted central administration willing to vouch for the entities to whom it issues certificates. A certificate is created when a CA signs a user's public key plus other identifying information, binding the user to its public key. Users present their certificate to other users to demonstrate the validity of their public keys.

Confidentiality - The result of keeping information secret from everyone except those who are authorized to see it. Confidentiality is also referred to as privacy.

Cryptographic Protocol - A distributed algorithm, defined by a sequence of steps that specify precisely the actions required of two or more entities to achieve a specific security objective.

Data Integrity - The assurance that the information has not been altered by unknown or unauthorized means.

Decryption - The process of transforming encrypted information (cipher text) into plain text.

DES (Data Encryption Standard) - A symmetric encryption cipher defined and endorsed by the government of the United States as an official standard. It is the best-known and most widely used encryption system in the world.

Diffie-Hellman - The Diffie-Hellman key agreement protocol provided the first practical solution to the key distribution problem, allowing the parties to securely establish a shared secret key over an open channel. Its security is based on the discrete logarithm problem.

Digital Signature - A sequence of data that associates a message (in digital form) with the entity that originates it. This cryptographic primitive is used to provide authentication, data integrity and non-repudiation.

Discrete Logarithm Problem - The requirement to find the exponent x in the formula y = g^x mod p. The discrete logarithm problem is believed to be difficult and to be the hard direction of a one-way function.

Elliptic Curve Cryptosystem (ECC) - An encryption system based on the discrete logarithm problem over elliptic curves. ECC provides the highest strength per bit of any public key system, which allows the use of much smaller public keys compared to other systems.

Encryption - The process of transforming plain text into cipher text for confidentiality or privacy.

Entity Authentication - The corroboration of an entity's identity (for example, a person, financial messaging unit, computer terminal, Smart Card, etc.).

Factoring - The act of dividing an integer into a set of smaller integers which, when multiplied together, form the original integer. RSA is based on the factoring of large prime numbers.

Information Security Functions - The encryption and digital signature processes that provide information security services. Also known as security primitives.

Information Security Services - The purpose of using information security functions. Services include privacy or confidentiality, authentication, non-repudiation and data integrity.

Key - A value in the form of a sequence of data used by information security functions to perform cryptographic calculations.

Key Agreement - A key establishment technique where the shared secret is derived by two or more parties as a function of information contributed by, or associated with, each of these parties, so that no party can predetermine the resulting value.

Key Establishment - Any process whereby a shared secret key is made available to two or more parties for subsequent cryptographic use.

Key Management - The set of processes and mechanisms that support key establishment and the maintenance of ongoing keying relationships between the parties.

Key Pair - The public key and the private key of a user or entity in a public-key encryption system. The keys in a key pair are mathematically related by means of a strong one-way function.

Key Transport - A key establishment technique where one party creates or otherwise obtains a secret value and transfers it securely to the other party or parties.

Message Authentication - The corroboration of the source of information, also known as data origin authentication.

Message Authentication Code (MAC) - A hash function that involves a secret key, and that provides data origin authentication and data integrity. The MAC is also known as a transaction authentication code, where a message can contain at least one transaction.

Non-repudiation - The prevention of the denial of previous actions or commitments. Non-repudiation is achieved using digital signatures.

Private Key - In a public key system, it is that key, in a key pair, that is kept by the individual entity and never revealed. It is preferable to embed the private key in a hardware platform as a measure to keep it hidden from unauthorized parties.

Public Key - In a public key system, it is that key, in a key pair, that is made public.

Public Key Cryptography - A cryptographic system that uses different keys for encryption (e) and decryption (d), where (e) and (d) are mathematically linked. It is computationally infeasible to determine (d) from (e). Therefore, this system allows the distribution of the public key while keeping the private key secret. Public key cryptography is the most important advance in the field of cryptography in the last 2000 years.

RSA - A widely used public key encryption system, named after its inventors R. Rivest, A. Shamir and L. Adleman. The security of RSA is based on the intractability of the integer factorization problem.

Symmetric Key Encryption - An encryption system where, for each pair of associated encryption/decryption keys (e, d), it is computationally easy to determine d knowing only e, and to determine e from d. In most practical symmetric key encryption schemes, e = d. Although symmetric systems are effective for bulk data encryption, they pose significant key management problems. Consequently, public key and symmetric key systems are often combined in one system to take advantage of the benefits of each.

Asymmetric Key Encryption - An encryption system where each party holds encryption/decryption key pairs of varying strength; for example, a shorter key can be used in situations that require less security, while a longer key is used in situations that require greater security. As with symmetric key encryption systems, asymmetric systems pose significant key management problems.

Verification - The process of confirming that a digital signature and, therefore, a message entity, is authentic.

The following examples illustrate systems that can be used to implement a secure messaging system, in accordance with the present invention.
Using ECC algorithms, a secure signature with hash is generated based on the following information:

P is a generating point on the curve and has order n.
H is a secure hash algorithm, such as SHA-1.
M is a bit string to be signed by an entity A.
A has a private key a and a public key Ya = aP.

To generate the signature, Entity A does the following:

1. Calculates e = H(M) (e is an integer).
2. Generates a random integer k.
3. Calculates R = kP = (x, y).
4. Converts x to an integer.
5. Calculates r = x + e mod n.
6. Calculates s = k - ar mod n.
7. The signature is (r, s).

Since R = kP is calculated independently of the message M, it could be precalculated before signing M, which occurs in steps (5) and (6). In this procedure, the time to hash and to generate a random number is considered insignificant compared to the other operations performed. Finally, precomputation of certain functions can be carried out to accelerate the calculation of kP in step (3).

Any entity B can verify A's signature (r, s) on M by carrying out the following steps:

1. Obtain A's public key Ya = aP.
2. Calculate u = sP.
3. Calculate v = rYa.
4. Calculate u + v = (x', y').
5. Convert x' to an integer.
6. Calculate e' = r - x' mod n.
7. Calculate e = H(M) and verify that e' = e.

The following example illustrates encryption using an elliptic curve encryption scheme. Assume that Entity A has a private key a and a public key Ya = aP, where P is a generating point. Entity B encrypts the bit string M to entity A using the following procedure:

1. B obtains A's public key, Ya.
2. B generates the random integer k.
3. B calculates R = kP.
4. B calculates S = kYa = (x, y).
5. B calculates C = mi «fi (x).
6. B sends (R, c0 ... cn) to A.

Where f0 (x) = SHA-1 (x | |?) and fi (x) = SHA-

Alternatively, if RSA cryptography is used, the following definitions are relevant:

n is the modulus.
d is the private key and e the public exponent for entity A.
M is a bit string to be signed.

An RSA signature is generated by Entity A as follows:

1. Calculate m = H(M), an integer smaller than n.
2. Calculate s = m^d mod n.
3. The signature is s.

The RSA signature, as described above, creates digital signatures with appendix. In contrast to the previously discussed ECC signature, precomputation is not possible when using RSA. Note that signing requires an exponentiation by the private exponent d.

Entity B can verify A's signature s on M using the following procedure:

1. Obtain the public exponent e and the modulus n of A.
2. Calculate m* = mod n.
3. Calculate m = H(M).
4. Verify that m* = m.

RSA verification requires an exponentiation by the public exponent e. e is preferably selected to be 64 random bits. Similarly, RSA encryption requires an exponentiation with a public exponent, and the public exponent must be at least 64 bits long for minimum security.

In view of the above discussion, the remainder of the secure messaging system is described with reference to Figures 10-16.

Referring to Figure 10, the illustration shows a high level block diagram of a financial messaging unit 906 in accordance with the preferred embodiment of the present invention. One possible embodiment of a financial messaging unit 906 is a combination of a Smart Card and a conventional paging device, as shown in Figure 10. Here, a mechanical slot and the standard Smart Card connector are incorporated into the housing of the paging device so that a Smart Card can be inserted into the housing in such a way as to establish electrical contact between the card and the pager's electronics. Alternatively, the electronics required to implement a Smart Card are moved or integrated into the paging device so that the pager functions as a wireless ATM or a true wireless Smart Card.
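The ECC signing and verification steps given earlier (r = x + e mod n, s = k - ar mod n, checked through sP + rYa) can be traced in code. This is an added example, not code from the patent: the secp256k1 curve, the use of SHA-256 in place of the SHA-1 the text names, and all function names are assumptions made here, and the arithmetic is plain non-constant-time Python meant only for following the steps.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumed; the text does not name a curve).
P_FIELD = 2**256 - 2**32 - 977          # field prime
B_COEF = 7                              # curve: y^2 = x^3 + 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def on_curve(point):
    """True if point is a finite affine point satisfying the curve equation."""
    if point is None:
        return False
    x, y = point
    return (0 <= x < P_FIELD and 0 <= y < P_FIELD
            and (y * y - x * x * x - B_COEF) % P_FIELD == 0)


def point_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None                      # p2 is the negative of p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def scalar_mult(k, point):
    """Double-and-add computation of k * point."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(message):
    """e = H(M) as an integer (SHA-256 substituted for the page's SHA-1)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def keygen():
    """Private key a in [1, n-1] and public key Ya = aP."""
    a = secrets.randbelow(N - 1) + 1
    return a, scalar_mult(a, G)


def precompute_nonce():
    """Signing steps 2-4: k and x of R = kP do not depend on the message,
    so they can be prepared ahead of time. Each (k, x) is strictly
    single-use; using it for two messages exposes the private key."""
    k = secrets.randbelow(N - 1) + 1
    return k, scalar_mult(k, G)[0]


def sign(private_a, message, nonce=None):
    """Signing steps 1 and 5-7: returns (r, s)."""
    e = hash_to_int(message)
    k, x = nonce if nonce is not None else precompute_nonce()
    r = (x + e) % N
    if r == 0:
        raise ValueError("r == 0, retry with a fresh nonce")
    return r, (k - private_a * r) % N


def verify(public_ya, message, signature):
    """Verification steps 1-7 with range and curve-membership checks."""
    r, s = signature
    if not (1 <= r < N and 0 <= s < N) or not on_curve(public_ya):
        return False
    point = point_add(scalar_mult(s, G), scalar_mult(r, public_ya))
    if point is None:                    # u + v is the point at infinity
        return False
    e_prime = (r - point[0]) % N
    return e_prime == hash_to_int(message) % N
```

The comparison is made modulo n because r was reduced modulo n during signing, so e' can only ever equal H(M) mod n.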
Operationally, the input signal is captured by the antenna 802 coupled to the receiver 804, which detects and demodulates the signal, recovering any information, as previously discussed with reference to Figure 8. Alternatively, the financial messaging unit 906 contains a low power reverse channel transmitter 1034, a power switch 1032, and a transmit antenna 1030, either to respond to an outbound channel interrogation or to generate an inbound channel request. Instead of the portable transmitter 1034 (e.g., a low power radio frequency device) and its associated components, the alternative transmission block 1036 may contain either unidirectional or bidirectional communication transducers. Examples of these transducers are optical devices such as lasers or light-emitting diodes (LEDs), electrically or inductively sampled field structures of extremely low power (for example, coils, transmission lines), or possibly acoustic transducers in the audio or ultrasonic range.

An input/output (I/O) switch 1002 serves to direct the radio frequency (RF) input or output between the RF receiver 804, the RF transmitter 1030 and a selective call decoder 1004. The selective call decoder 1004 comprises a processing unit 1006 and its associated random access memory (RAM) 1008, read-only memory (ROM) 1010, and universal input/output (I/O) module 1012. The primary function of the selective call decoder 1004 is to detect and decode the information contained in the signaling intended for reception by the financial messaging unit 906. Alternatively, in a 2-way implementation that includes the optional reverse channel transmitter block 1036, the selective call decoder 1004 can also function as an encoder to generate and deliver requests or messages to the regulator 914, a user, or other online system (not shown).
Additionally, the financial messaging unit 906 comprises a Smart Card function module 1014, or secure decoder, that serves as a second financial transaction processor. This module comprises control logic 1016, a message entry device 1018, a security code processor 1020, a secure ROM 1022, a secure programmable read-only memory (PROM) 1024, and a Smart Card input/output (I/O) module 1026.

Certain financial groups have proposed standards for securing end-to-end transactions in the land-line wired environment. The proposed standards for securing electronic financial transactions are based on a peer-to-peer system in which the sending party (for example, a regulator or issuer, such as a bank, or VISA™) generates a secure transaction comprising a value amount and an authentication code. The secure transaction is communicated to a requesting party via a device such as an Automated Teller Machine (ATM). To establish and complete a transaction, the requesting party inserts a Smart Card into the ATM, enters an identification code and requests that a value be placed on the Smart Card. The transaction processing system authenticates the Smart Card and the financial status of the requesting party (for example, account balance, credit availability, etc.) and completes or denies the transaction.

Accordingly, in view of the above requirements, the control logic 1016 operates to govern the operation of the components associated with the Smart Card function module 1014 to implement and maintain end-to-end security in a secure financial transaction message. The control logic 1016 ensures that any contents associated with the secure financial transaction message are maintained in their encrypted state from a regulator 914 until they are actually decrypted by the Smart Card function module 1014 or by an associated Smart Card (not shown).
Therefore, sensitive information, such as a private encryption key, cash load values, bank or credit account numbers, or the like, will be stored in the secure PROM 1024. Similarly, the secure ROM 1022 can store routines that decrypt and encrypt information exchanged between the Smart Card function module 1014 and a regulator 914, a carrier 916 or another Smart Card.

The message entry device 1018 allows a user to initiate a request for a cash load, a cash transaction, a credit transaction or the like. Typically, a user could enter a request using a keyboard, a voice activated recognition device, a touch-sensitive device (for example, a screen or pad), or another device for data entry. In the present invention, a user can request a transaction based on information that is communicated to the financial messaging unit 906, stored in the financial messaging unit 906 for later transfer to the Smart Card, or passed directly to the Smart Card. In this form, the financial messaging unit 906 acts as a portable ATM, allowing the user to effect financial transactions without actually visiting a physical ATM.

In the case where the financial messaging unit 906 acts as a portable ATM with origination capability, the Smart Card function module 1014 operates as a second secure message generator coupled to the financial messaging unit to create a financial transaction request. Once created, a portable transmitter 1034 coupled to the secure message generator operates to broadcast the financial transaction request to a selective call message processor 1104. A receiver 1204 coupled to the selective call message processor 1104 operates to receive and couple the financial transaction request to the selective call message processor 1104. In this way, the financial messaging unit 906 can effect financial transactions without requiring a physical connection to a land-line hard wired network or PSTN.
With respect to the implementation of a radio-frequency-enabled reverse channel financial messaging unit 906, as discussed herein, the invention preferably operates using the infrastructure and protocol of the Motorola ReFlex™ 2-way wireless paging system that is described in detail in the following documents: United States patent application number 08/131,243, filed October 4, 1993 by Simpson et al. and entitled "Method and Apparatus for Identifying a Transmitter in a Radio Communication System"; United States patent application number 08/398,274, filed on March 3, 1995 by Ayerst et al. and entitled "Method and Apparatus for Optimizing Receiver Synchronization in a Radio Communication System"; U.S. Patent No. 5,521,926, issued May 28, 1996 to Ayerst et al. and entitled "Method and Apparatus for Improved Message Reception at a Fixed System Receiver"; U.S. Patent No. 08/498,212, filed July 5, 1995 by Ayerst et al. and titled "Forward Channel Protocol to Enable Reverse Channel Aloha Transmissions"; and U.S. Patent Application No. 08/502,399, filed July 14, 1995 by Wang et al. and entitled "A System and Method for Allocating Frequency Channels in a Two-way Messaging Network", all assigned to the assignee of the present invention, and all incorporated herein by reference.
It should be appreciated that the use of the present invention is contemplated in other 2-way communication systems, such as, for example, radio and cellular packet data systems.
Certain financial groups have proposed security standards to perform end-to-end transactions in the wired land-line environment. The proposed standards for securing electronic financial transactions are based on a closed-loop peer-to-peer system in which the sending party (for example, a regulator or issuer, such as a bank, or VISA™) generates a secure transaction comprising a value amount and an authentication code.
The secure transaction is communicated to a requesting party via a device such as an Automatic Teller Machine (ATM). To establish and complete a transaction, the requesting party inserts a Smart Card into the ATM, enters an identification code, and requests that a value be placed on the Smart Card. The transaction processing system authenticates the Smart Card and the financial status of the requesting party (for example, account statement, credit availability, etc.) and either completes or denies the transaction.
In a broader application, the financial messaging unit 906 may be adapted to communicate sensitive data or messages, so that electronic funds transfer information may be safely transferred to a designated recipient device via a paging channel or the like.
Referring now to Figure 11, the block diagram illustrates the message composition and encryption equipment that could be used at the premises of a financial institution to send authorizations for secure electronic funds transfer to financial messaging units via a paging channel or the like. Specifically, calls from both the customer's branch office and the customer are received by means of a first financial transaction processor 1100 comprising: a transaction processing computer 1102; a message processing and encryption computer 1104, or selective call message processor, which operates as a first secure message generator, a first secure message decoder, and a selective call message distributor, all functions of the selective call message processor 1104; a subscriber database 1106; and a security code database 1108.
The transaction processing computer 1102 receives financial transaction requests and communicates with the message processing and encryption computer 1104 to generate and encrypt a secure financial transaction message based on information contained in the security code database 1108 that corresponds to the requester and the type of transaction. The message processing and encryption computer 1104 also determines a destination identifier from the information contained in the subscriber database 1106, which allows the selective call message distributor to communicate the destination identifier and its corresponding secure financial transaction message to a selective call transmission service 904. The destination identifier may correspond to a conventional paging address, a cell phone address, or any other address that uniquely identifies a destination associated with the secure financial transaction message.
The message composition and encryption equipment illustrated in Figure 11 would normally be used at the premises of a financial institution to send secure electronic funds transfer authorizations to financial messaging units 906 (e.g., "wireless ATM" devices) via a conventional paging channel, or the like. In the following examples, the transaction information is summarized using standard financial data and data structures, and the message is encrypted using the public and private keys assigned to the target device and the transaction, respectively. The keys assigned to each device, together with their paging addresses, are stored in the user database associated with the processing computer. After each message is encrypted, it is sent as a normal paging message to the paging system via the public telephone system.
The first financial transaction processor 1100 will be discussed more fully with reference to Figure 12, which integrates the first financial transaction processor 1100 with a selective call signaling system controller.
Referring to Figure 12, the illustration shows a functional diagram of a selective call signaling system controller that implements a 2-way and 1-way secure messaging system, which is capable of signaling financial messaging units. The selective call signaling system controller 1200 comprises the first financial transaction processor 1100 together with a transmitter 104 and an associated antenna 904, and, in 2-way RF systems, at least one receiving system 1202 comprising a received signal processor and at least one receiving antenna 908. Preferably, several of the at least one receiving system 1202 may be distributed over a wide geographical area to receive the low-power transmissions broadcast by the 2-way financial messaging units 906. The number of receiving systems 1202 in any specific geographic area is selected to ensure adequate coverage for all incoming transmissions.
As a person skilled in the art will appreciate, this number can vary greatly, depending on the terrain, buildings, foliage and other environmental factors.
The selective call signaling system controller 1200 represents a tightly coupled implementation of the overall secure messaging system. In practice, a regulator (e.g., a bank, credit card issuer, etc.) may not want the responsibility of maintaining the RF infrastructure, i.e., the transmitter 104 and the associated antenna 904, and the at least one receiver system 1202. Consequently, a conventional wireless messaging service provider, or the like, would provide and maintain the RF infrastructure, and the regulator would use that RF infrastructure in a conventional manner to communicate secure financial transaction messages between the regulator and the financial messaging units 906.
As a first alternative to the above operation, the selective call signaling system controller 1200 can operate to encrypt, encode and transmit secure financial transaction messages received from a controller, wherein the first financial transaction processor 1100 has generated and encrypted the secure financial transaction message, and the selective call signaling system controller 1200 further encrypts the secure financial transaction message a second time. This increases the security level of an associated financial transaction message by encapsulating it using a second, unrelated encryption. Subsequently, the financial messaging unit 906 decodes and decrypts the doubly encrypted message, revealing the secure financial transaction message in its encrypted state, and maintaining the end-to-end security required for a financial transaction. Similarly, the selective call signaling system controller 1200 listens for messages originating from the financial messaging unit 906 and passes secure financial transaction messages in their encrypted state to a controller for decryption and processing.
As a second alternative to the above operation, the selective call signaling system controller 1200 may operate to encode and transmit secure financial transaction messages between the controller and the financial messaging unit 906. In this case, the first financial transaction processor 1100 at the regulator would have generated and encrypted the secure financial transaction message, and the selective call signaling system controller 1200 operates to associate a selective call address with the secure financial transaction message based on a received destination identifier, then transmits the resulting selective call message for reception by the financial messaging unit 906. Subsequently, the financial messaging unit 906 decodes the selective call message, revealing the secure financial transaction message in its encrypted state and thus maintaining the end-to-end security required for a financial transaction. As with the previous operation, the selective call signaling system controller 1200 further operates to receive messages originating from the financial messaging unit 906 and passes the secure financial transaction message, in its encrypted state, to a controller for decryption and processing.
Referring to Figure 13, the illustration shows the various layers of a messaging system in a format that is similar to the International Standards Organization (OSI) stack diagram that is well known in the electronics industry. With respect to the present invention, the network layer 1302 is a point where financial transactions are initiated. These transactions are then communicated to a messaging layer 1304, wherein the appropriate selective call messages are formed for inclusion in a transport protocol such as Motorola™ FLEX™ or POCSAG. The channel signaling layer 1306, or transport layer, represents the point where the low-level transport protocols mentioned above are implemented.
Finally, the RF channel is the physical medium over which the low-level transport protocol communicates the selective call messages that contain the financial transactions.
Referring to Figure 14, the flow chart shows the typical operation of a financial messaging unit, in accordance with the preferred embodiment of the present invention. When activated 1400, the financial messaging unit 906 (illustrated as a pager for clarity of explanation) operates "normally", i.e., it waits in a standby state, searching for its selective call address 1404. If the financial messaging unit detects its address and, in particular, detects a security address 1406, for example, a specific selective call address associated with a single unique account, or one of several unique accounts, the financial messaging unit 906 recovers the secure financial transaction message to carry out a financial transaction. Once the financial messaging unit 906 determines that a secure financial transaction message has been received, the Smart Card function module 1014 is activated 1408 and the secure financial transaction message can be decoded 1410. Decoding, as referred to herein, can represent the recovery of the secure financial transaction message from the native selective call protocol, for example, from a FLEX™ or POCSAG data or information word, or decoding can include the step of decrypting the secure financial transaction message to recover its contents representing an electronic cash token value, a credit value, a debit value or other information related to a secure financial transaction, such as cryptographic message or session keys. In accordance with the content of the secure financial transaction message, the control logic 1016 and the processor 1006 operate to execute the relevant instructions 1412 for the financial transaction being carried out.
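The second alternative and the Figure 14 receive flow described above, as an added sketch that is not part of the patent text. The frame layout, address values, subscriber table and all function names are assumptions made for illustration (the description names FLEX and POCSAG as transports but gives no wire format), and the ciphertext bytes are a constructed stand-in for a message already encrypted by the first financial transaction processor 1100.

```python
"""Sketch of the 'second alternative': the selective call controller wraps an
already-encrypted financial message without touching it, and the financial
messaging unit sorts incoming frames by selective call address (Figure 14)."""
import struct
import zlib
from dataclasses import dataclass, field

# Assumed frame layout, for illustration only (this is not FLEX or POCSAG):
#   4-byte selective call address | 2-byte payload length | payload | 4-byte CRC32
HEADER = struct.Struct(">IH")
TRAILER = struct.Struct(">I")

# Constructed stand-in for subscriber database 1106:
# destination identifier -> selective call address.
SUBSCRIBER_DB = {
    "card-0001": 0x00A1B2C3,   # secure address tied to one account
    "pager-0457": 0x00000457,  # ordinary messaging address
}

# Constructed stand-in for a message already encrypted by processor 1100.
CIPHERTEXT = bytes.fromhex("5ec0de") + b"opaque-to-the-carrier"


class UnknownDestination(KeyError):
    """The destination identifier has no selective call address on file."""


def encapsulate(destination_id, secure_message, subscribers=SUBSCRIBER_DB):
    """Controller side: map the identifier to an address and frame the payload.

    The payload is treated as opaque bytes; no key is needed or used here,
    which is what keeps the carrier outside the end-to-end trust boundary.
    """
    if destination_id not in subscribers:
        raise UnknownDestination(destination_id)
    if len(secure_message) > 0xFFFF:
        raise ValueError("payload does not fit the 2-byte length field")
    body = HEADER.pack(subscribers[destination_id], len(secure_message))
    body += secure_message
    # CRC32 catches channel errors only. It is not an authentication code:
    # anyone can recompute it, so authenticity must come from the payload.
    return body + TRAILER.pack(zlib.crc32(body))


@dataclass
class FinancialMessagingUnit:
    normal_address: int
    secure_addresses: dict = field(default_factory=dict)  # address -> account

    def receive(self, frame):
        """Return (kind, account, payload) for one received frame."""
        if len(frame) < HEADER.size + TRAILER.size:
            return ("dropped", None, None)
        body = frame[:-TRAILER.size]
        (crc,) = TRAILER.unpack(frame[-TRAILER.size:])
        if zlib.crc32(body) != crc:
            return ("dropped", None, None)
        address, length = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if len(payload) != length:
            return ("dropped", None, None)
        if address in self.secure_addresses:
            # Security address detected: hand the still-encrypted message to
            # the secure decoder path (Smart Card function module in the text).
            return ("secure", self.secure_addresses[address], payload)
        if address == self.normal_address:
            return ("normal", None, payload)
        return ("ignored", None, None)  # addressed to some other unit


if __name__ == "__main__":
    unit = FinancialMessagingUnit(0x457, {0x00A1B2C3: "account-A"})
    print(unit.receive(encapsulate("card-0001", CIPHERTEXT)))
```

The payload returned on the secure path is byte-for-byte the ciphertext the regulator produced, so decryption and authentication of the transaction remain the job of the unit's secure decoder, not of the transport.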
Referring to Figure 15, the illustration shows a typical sequence associated with requesting and authorizing the transfer of funds or debit of electronic funds by, and from, a wireless financial messaging unit. A financial transfer sequence is initiated 1500 by means of a call from the customer to his bank 1502, identifying himself 1504 via a PIN number or other account information 1506, and requesting a transfer or other financial transaction 1508 for communication to his wireless financial messaging unit 906.
After verifying the identity of the customer 1510 and the appropriate account information 1512, the bank or regulator initiates a sequence of events to effect the transfer of funds, granting of credit, or the like. In a first case, a financial transfer is approved when the financial transaction request is authenticated as originated from an authorized party and the financial transaction is allowed by a regulator 1514. Typically, regulators allow financial transactions when a party has sufficient funds to pay a cash charge or debit request, or when a party has sufficient credit available to complete a transaction. Preferably, during approval, the financial messaging unit 906 prompts the user to wait for the transaction 1520 and the system initiates the completion of the financial transaction 1522.
In a second case, the first financial transaction processor denies the completion of the financial transaction based on the financial transaction request in at least one of the following cases: the financial transaction request is not authenticated as originated from an authorized party, and the financial transaction is not allowed by a regulator 1516. Typically, regulators deny financial transactions when a party has insufficient funds for the cash charge or the debit request, or when a party does not have sufficient credit available to complete a transaction. If the regulator denies the financial transaction, the request is terminated 1518 and the financial messaging unit 906 returns to normal operation.
Referring to Figure 16, the illustration shows a typical sequence associated with the wireless transfer of funds or debit of funds by, and from, a wireless financial messaging unit, in both 1-way and 2-way secure communication systems. The completion of the financial transaction 1522 begins with the regulator or issuer looking up the destination identifier and the security code (e.g., public or private key) for a user account 1602 associated with at least one financial messaging unit 906. The secure messaging system then generates the secure financial transaction message, which is communicated to the wireless selective call signaling system controller, wherein the selective call message processor 1104 executes a control program that receives selective call message requests comprising a destination identifier and a secure financial transaction message and encapsulates the secure financial transaction message in a selective call message that includes a selective call address corresponding to the destination identifier. This selective call message is then distributed to a selective call transmission service, in response to the destination identifier. The selective call transmission service broadcasts the selective call message to the financial messaging unit 906, which receives the selective call message.
Optionally, the financial messaging unit 906 can send a first message prompting the user to insert a Smart Card for transfer of funds or the like. The bank then waits 1606 for an appropriate time period 1608, then sends a transmission comprising information with the Smart Card account number to be credited, the amount of the transaction and coded information to verify that the Smart Card to be debited is valid and is not a counterfeit 1610. Obviously, if the Smart Card is integrated with the financial messaging unit 906, it is not necessary to perform steps 1604, 1606 and 1608.
A bank will typically record 1612 the success or failure of a transaction during its completion 1614. With a financial messaging unit 906 having two-way capability 1616, the bank can expect to receive an acknowledgment 1618 comprising a returned secure financial transaction message, which confirms the execution of the financial transaction. When the financial transaction is completed successfully, an optional message 1624 may be presented to the user at the financial messaging unit 906 before the financial messaging unit returns to an inactive state 1626. Alternatively, if the acknowledgment is not received after a predetermined delay period 1620, the bank can re-initiate the previous financial transaction 1622.
In a variation of the operation set forth with reference to Figures 14-16, the user can remain in communication during the financial transaction, and the bank can receive a non-real-time acknowledgment that the transaction was successfully completed using an alternative path, that is, one other than the RF reverse channel. This can be achieved using either a 1-way or 2-way paging device at an ATM machine, or by having the user remain on a telephone or other communication device during the entire transaction. Additionally, a distinctive audio alert pattern may be generated by the financial messaging unit 906 to signal that the financial transaction has been completed without error.
Further, if an address that is associated with a normal messaging function is detected, the financial messaging unit 906 will function as a normal paging device. However, if the detected address is associated with a secure data transmission address, the secure decoder module can be activated, the secure financial message received can be decrypted, and the information contained in the message would be processed in accordance with either the content of the message or the rules associated with the address received.
A person of ordinary skill in the art will appreciate that the foregoing disclosure in relation to the claimed invention does not mean that the system is limited to a particular transport protocol, wireless medium, schematic diagram or physical communication device.
Accordingly, the claimed invention and other variations made possible by the content herein represent only a few selected ways in which a secure messaging system for communicating financial information can be implemented using the unique principles set forth in the present invention. It is in the preceding spirit that the authors claim the following as their invention:

Claims (34)

NOVELTY OF THE INVENTION Having discussed the present invention, it is considered as a novelty and, therefore, it is claimed as property in the following CLAIMS:
  1. A secure messaging system that includes: a first secure message generator that creates a secure financial transaction message; a wireless selective call signaling system controller that receives the secure financial transaction message, the system controller comprises: a selective call message processor comprising: a processor having an associated electronic memory to execute a control program that: receives selective call message requests comprising a destination identifier and the secure financial transaction message; and encapsulates the secure financial transaction message in a selective call message that includes a selective call address corresponding to the destination identifier; and a selective call message distributor coupled to the selective call message processor, the selective call message distributor operates to distribute the selective call message to a selective call transmission service in response to the destination identifier; and a financial messaging unit that receives the selective call message and, in response to the correlation of the selective call address with a selective call address corresponding to the financial messaging unit, retrieves the secure financial transaction message to carry out a financial transaction.
  2. The secure messaging system according to claim 1, which comprises: a first secure message decoder coupled to the controller of the selective call signaling system and to the first secure message generator, the first secure message decoder operates to decode a financial transaction request received from a financial transaction system, whether it is remote or remote.
  3. The secure messaging system according to claim 2, comprising: a first financial transaction processor coupled to the first secure message generator and the first secure message decoder, the first financial transaction processor allows a financial transaction to be completed based on a financial transaction request when this request is authenticated as originated by an authorized party and when the financial transaction is allowed by a regulator.
  4. The secure messaging system according to claim 2, comprising: a first financial transaction processor coupled to the first secure message generator and the first secure message decoder, the first financial transaction processor denies completion of a financial transaction that is based on a financial transaction request, in at least one of the following cases: the financial transaction request is not authenticated as originating from an authorized party; and the financial transaction is not allowed by a regulator.
  5. The secure messaging system according to claim 4, wherein the financial transaction is not allowed by a regulator when the predetermined funds transfer limit has been exceeded.
  6. The secure messaging system according to claim 4, wherein the financial transaction is not allowed by a regulator when the predetermined credit limit has been exceeded.
  7. The secure messaging system according to claim 2, which comprises: a second secure message generator coupled to the financial messaging unit, the second secure message generator operates to create the financial transaction request; a portable transmitter coupled to the second secure message generator, the portable transmitter operates to broadcast the financial transaction request to the selective call message processor; and a receiver coupled to the selective call message processor, the receiver operates to receive and couple the financial transaction request to the selective call message processor.
  8. The secure messaging system according to claim 7, comprising: a first financial transaction processor coupled to the first secure message generator and the first secure message decoder, the first financial transaction processor allows a financial transaction to be completed based on the financial transaction request when this request is authenticated as originated from a financial messaging unit and the financial transaction is allowed by a regulator.
  9. The secure messaging system according to claim 8, wherein the first financial transaction processor generates and returns a second financial transaction processor disabling message to the financial messaging unit when an inappropriate use of the financial messaging unit is detected; the second financial transaction processor disabling message operates to disable a second financial transaction processor and avoid any additional financial transaction by a financial messaging unit.
  10. The secure messaging system according to claim 8, comprising: a second secure message decoder coupled to the financial messaging unit and the second secure message generator, the second secure message decoder operates to decode the secure financial transaction message received from the wireless selective call signaling system controller.
  11. The secure messaging system according to claim 10, comprising: a second financial transaction processor coupled to the second secure message generator and the second secure message decoder; the second financial transaction processor allows a financial transaction to be completed based on the secure financial transaction message when this message is authenticated as originated from the first financial transaction processor and when the financial transaction is allowed by a regulator.
  12. The secure messaging system according to claim 10, comprising: a second financial transaction processor coupled to the second secure message generator and the second secure message decoder; the second financial transaction processor denies that a financial transaction is completed based on the secure financial transaction message in at least one of the following cases: if the secure financial transaction message is not authenticated as originated by the first financial transaction processor; and when the financial transaction is not allowed by a regulator.
  13. The secure messaging system according to claim 7, comprising: a first financial transaction processor coupled to the first secure message generator and the first secure message decoder, the first financial transaction processor denies that a financial transaction is completed based on the financial transaction request, in at least one of the following cases: when the financial transaction request is not authenticated as originated from the financial messaging unit; and when the financial transaction is not allowed by a regulator.
  14. The secure messaging system according to claim 13, wherein the financial transaction is not allowed by a regulator when the predetermined funds transfer limit is exceeded.
  15. The secure messaging system according to claim 13, wherein the financial transaction is not allowed by a regulator when the predetermined credit limit is exceeded.
  16. The secure messaging system according to claim 2, wherein the first secure message generator and a second secure message generator use public key cryptographic techniques to encrypt at least a portion of the secure financial transaction message used to transport a financial transaction session key.
  17. The secure messaging system according to claim 16, wherein the financial messaging unit comprises: a second secure message decoder that decrypts, by means of public key cryptographic techniques, at least one portion of the secure financial transaction message to recover the financial transaction session key.
  18. The secure messaging system according to claim 17, wherein the second secure message decoder further decrypts a remaining portion of the secure financial transaction message using the financial transaction session key.
  19. The secure messaging system according to claim 1, wherein the destination identifier corresponds to a unique credit card of the type that enables the financial messaging unit.
  20. The secure messaging system according to claim 1, wherein the destination identifier corresponds to a unique debit card of the type that enables the financial messaging unit.
  21. The secure messaging system according to claim 1, wherein the destination identifier corresponds to a unique value card of the type that enables the financial messaging unit.
  22. The secure messaging system according to claim 1, wherein the selective call message is a message of POCSAG format.
  23. The secure messaging system according to claim 1, wherein the selective call message is a message of Motorola FLEX™ format.
  24. The secure messaging system according to claim 1, wherein the secure financial transaction message is further encrypted within the selective call message.
  25. The secure messaging system according to claim 24, wherein the secure financial transaction message is further encrypted using public key cryptography.
  26. The secure messaging system according to claim 24, wherein the secure financial transaction message is further encrypted at least in part by public key cryptography.
  27. The secure messaging system according to claim 26, wherein public-key cryptography is implemented using elliptic curve cryptography.
  28. The secure messaging system according to claim 24, wherein the secure financial transaction message is further encrypted using symmetric private key cryptography.
  29. The secure messaging system according to claim 28, wherein the financial messaging unit stores a token that represents a value to be subsequently transferred to a smart card, the token being retrieved from a content of the secure financial transaction message.
  30. The secure messaging system according to claim 24, wherein the secure financial transaction message is further encrypted using asymmetric private key cryptography.
  31. The secure messaging system according to claim 30, wherein the financial messaging unit directly transfers a token representing a value to a smart card, the token being retrieved from a content of the secure financial transaction message.
  32. The secure messaging system according to claim 30, wherein the financial messaging unit directly stores a token representing a value, the token being retrieved from a content of the secure financial transaction message.
  33. The secure messaging system according to claim 32, wherein the financial messaging unit includes a portable financial transaction processor that allows the messaging unit to operate as a wireless smart card.
  34. The secure messaging system according to claim 1, wherein the financial messaging unit receives and decrypts a content of the secure financial transaction message.
MXPA/A/2000/006175A 1997-12-22 2000-06-21 Secure messaging system overlay for a selective call signaling system MXPA00006175A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US08995481 1997-12-22

Publications (1)

Publication Number Publication Date
MXPA00006175A (en) 2001-07-09

Similar Documents

Publication Publication Date Title
AU750357B2 (en) Multiple account portable wireless financial messaging unit
AU734780B2 (en) Portable 2-way wireless financial messaging unit
AU739254B2 (en) Single account portable wireless financial messaging unit
US6314519B1 (en) Secure messaging system overlay for a selective call signaling system
AU733259B2 (en) Portable 1-way wireless financial messaging unit
AU733108B2 (en) Transaction authentication for 1-way wireless financial messaging units
MXPA00006175A (en) Secure messaging system overlay for a selective call signaling system
MXPA00006178A (en) Multiple account portable wireless financial messaging unit
MXPA00006176A (en) Single account portable wireless financial messaging unit
MXPA00006177A (en) Portable 2-way wireless financial messaging unit
MXPA00006174A (en) Transaction authentication for 1-way wireless financial messaging units