RU2256216C2 - System for paying for services in telecommunication network - Google Patents

Abstract

FIELD: electronic financial systems.

SUBSTANCE: system has terminal 1, phone 2 of client, block 5 for receiving telecommunication information from user, database 10 and block 9 for comparison, additionally provided are processor 7, generator of identification code 4, identification block 8, block 11 for payment realization and block 12 for forming confirmation message.

EFFECT: higher reliability, higher efficiency.

1 dwg

Description

The technical solution relates to electronic money systems and can be used for non-cash electronic payments, including for payment for goods or services on the Internet.

Various electronic payment systems are known, including in telecommunication networks. The system according to US patent N 5699528 is made with the ability to provide the user access to the server of the communication network to obtain information about goods and services. The network may be, for example, the Internet. Using a personal computer, the user can access the provider’s website to familiarize themselves with the details of bill payment. The system also involves the user receiving an electronic invoice in the form of an email, information regarding goods and services, to his email address. After opening an account, the user can make a payment by sending an email. In this case, to pay for services, it is necessary to open a current account for prepayment of a service or product. At the same time, the user is forced to resort to the services of third-party organizations, which complicates the payment for services.

A device is known according to the application WO 02/37358, when a request is sent from the user's personal computer to the server of the operation center via the Internet. The server sends the authentication confirmation number generated by the random number generation module to the personal computer of the requesting communication party. The requesting party connects to the modem via a portable telephone and enters the authentication confirmation number displayed on the user's personal computer during operations with the keys of the portable telephone. The authentication module authenticates the request for communication of the requesting party to establish communication with the network if the phone number stored in the user information storage module is consistent with the phone number sent by the modem, and if the authentication confirmation number is entered through the phone correctly.

There is a method and system according to the application US 2002046055 for performing a verification procedure (callback) for commercial transactions (transactions), which is presented to the client as part of a commercial transaction (this procedure can be carried out both on the seller’s website and on another website where the client is redirected) . The user is required to enter his callback phone number along with payment information (for example, credit card number). Then, the validity of the credit card is checked, and the callback number is checked in order to see previous attempts made that were associated with the same callback number. The automatic voice recognition unit is used for further interaction with the client. The client is required to enter a “fingerprint”, which will subsequently be associated with a specific transaction (transaction) that the client will try to complete. Also, an additional verification code associated with the transaction being processed can be used for the client. The voice fingerprint received from the user is subsequently verified and stored in memory for future use.

There is also known a method and system for verifying the authenticity of electronic transactions on the application WO 0219614. In this system, the user terminal is associated with the register. A user terminal can be either a simple computer or a portable computer, a digital TV, a hand-held device, etc., which can be connected to the Internet or to another network. The register may be located on the center server. The user enters certain information through the terminal, then this information is transmitted to the register. The register module contains a receiving module that receives requests from a user terminal. The receiving module is associated with a database used to store and search user information. The receiving module is also connected to an interactive voice recognition system, which can contact the user through an alternative (additional) channel. This channel allows you to communicate through a regular or mobile phone, pager or other devices. The service center is associated with the register. The service center allows the user through the terminal to carry out electronic transactions. A service station may be some kind of commercial website promoting electronic transactions.

After the register receives profile information, it initiates a call to the user on the device indicated by him, for example, a mobile or regular phone. The device specified by the user works through an additional channel, separate from the main channel of the transaction. The user is prompted to enter an authentication code. This code after entering it by the user is stored in the database, and the user is considered registered.

A service provider that provides the user with goods and / or services is also registered in the register. A registered user may request an electronic transaction with a registered service provider. Two channels are required to initiate and authenticate an electronic transaction. The first channel provides security for the user requesting the transaction and receiving the transaction identification number. The second channel is used for authentication.

The user must enter an authentication code for registration through an additional channel, for example, a cell, mobile or regular phone, pager, credit card (with microprocessor). Thus, if the user password is stolen, an authentication code is still required to continue the transaction. An additional channel (authentication code and identification number) provides an additional level of protection for vulnerable electronic transactions.

The user must enter two sets of numbers, one relating to a particular transaction, for example, the transaction identification number, and a second characterizing the user, for example, an authentication code. User identification prior to the transaction by entering the authentication code through an additional channel, different from the main channel through which the transaction is conducted, provides a higher level of protection than a simple password check.

Thus, the system for electronic transactions includes a registration module that registers users for electronic transactions, and an authorization / authentication module that initiates a telephone for further verification of user identity. The authorization / authentication module contains a database for storing user identification data, and also includes a voice recognition system containing a set of options for the user to enter his authentication code.

These systems have a fairly complex algorithm and hardware configuration when implementing the device.

Closest in its technical essence to the claimed one is a system of paying for services in a telecommunication network according to RF patent N 2167498. It contains a user terminal that is connected via its Internet line to its input to the input of the user’s telecommunication information reception unit installed in the operation center, the first input-output of which connected to the input / output of the database. The system also contains a user telephone connected through the general-purpose telephone line to the input of the user telephone information reception unit installed in the operation center, the output of which is directly connected, and the input-output through the encoder is connected to the corresponding RAM inputs, the second input of which is switched on -Exit of the receiving unit by telecommunication information of the user. The RAM output is connected to the input of the comparison unit, the input / output of which is connected to the second input-output of the user telecommunication information receiving unit. The disadvantage of this system is the possibility of a situation of unfair access to resources due to errors in user identification.

The objective of the proposed solution is to increase the reliability of the system. This is achieved by the fact that the system of payment for services in a telecommunication network, comprising a user terminal and telephone, connected by their outputs to the inputs of the user telecommunication information receiving unit and the user telephone information unit installed in the operation center, the database and the comparison unit, is characterized in that the operations center is equipped with a processor, an identification code generator, an identification unit, a payment execution unit, and a community confirmation generation unit ia, and the first output of the user telecommunication information receiving unit is connected to the input of the identification code generator, the output of which is connected to one of the inputs of the user terminal, the processor center of the operation center is connected to the other input, the first output of the user telephone information receiving unit is connected to the first input of the execution unit payment, its second output is connected in parallel to the inputs of the comparison unit and the database, and its third output is connected to the first input of the identification unit, to the second input to the second output of the user’s telecommunication information reception unit is switched on, the outputs of the database and the comparison unit are respectively connected to the third and fourth inputs of the identification unit, the output of the identification unit is connected in parallel to the resolution input of the processor of the operation center, to the second input of the payment execution unit and to the input of the confirmation generation unit messages whose output is connected to the input of the user's telephone.

The essence of the proposal is illustrated in the drawing, which shows a functional diagram of a service payment system in a telecommunication network. The proposed system of payment for services in a telecommunication network comprises a user terminal 1, for example, a personal computer connected to the Internet or another telecommunication network. The network user is at the same time a subscriber to the public telephone network to which his telephone set 2 is connected. The telephone set 3 of the payee is included in the same network. The algorithm for identifying user data and making payments is performed using the equipment of the operation center, which includes an identification code generator 4, a user telecommunication information reception unit 5, a user telephone information reception unit 6, a processor 7, an identification unit 8, a comparison unit 9, base 10 data, the payment execution unit 11 and the message confirmation generation unit 12. The output of the user terminal 1 via the Internet line is connected to the input of the user telecommunication information receiving unit 5, the first output of which is connected to the input of the identification code generator 4, the output of which is connected to one of the inputs of the user terminal 1, the output of the processor 7 is connected to the other input.

The telephone apparatus 2 of the user is connected to the input of the unit 6 for receiving telephone information of the user. Block 6 receives information about the identification of the user's computer, his phone number, the composition of the required service, and the user's solvency. The first output of the telephone information receiving unit 6 of the user is connected to the first input of the payment execution unit 11, its second output is connected in parallel to the output of the comparison unit 9 and the database 10, and its third output is connected to the first input of the identification unit 8, the second input of which includes the second the output of the unit 5 for receiving user telecommunication information, the outputs of the database 10 and the comparison unit 9 are respectively switched on to the third and fourth inputs of the identification unit 8. The database 10 and the comparison unit 9 are entered information about the user's phone number and information about his computer. The identification unit 8 receives telephone identification data of the user and his computer requests. The output of the identification unit 8 is connected in parallel to the input of the resolution of the processor 7, to the second input of the payment execution unit 11 and to the input of the message confirmation generating unit 12, the output of which is connected in parallel to the inputs of the telephone sets 2 of the user and 3 of the payee.

The system works as follows. When paying, for example, Internet services, the user receives on his computer screen information about the need to make a payment in order to gain access to any service provided via the Internet. As an alternative credit card method, he is invited to use to pay with his phone. If he agrees, then after confirmation he is invited to read the terms of access and confirm his agreement with them and the intention to pay for the service. After confirmation, an instruction appears on the screen, in which the code received from the operation center via the Internet is indicated, and a sentence in which the user is asked to fill out a table with graphs:

- The phone number from which he intends to make the payment,

- A password that the user selects at random (upon first payment) and which is stored in the database 10 of the data. (Thus, each user of the considered payment system has a password that he chooses and which is stored in the database 10 and allows each time to check whether someone uses this phone to pay without the permission of the owner).

- Additional data on the parameters of the service (if necessary).

This data is transmitted by the user to the operations center.

The instructions also suggest confirming your consent to pay by phone (and agreeing to the payment terms), for which you should call some number (paid service number), and after the connection is confirmed, dial the code specified in the instructions displayed on the screen , and the selected password.

Using the technical facilities installed there, the operating center identifies the phone number from which the call was made, and then compares the recognized number with the number sent via the Internet (indicated by the user in the table on the computer screen), comparing the code transmitted via the Internet with the received over a telephone line, as well as comparing a password received over the Internet with a password received over a telephone line. In case of a coincidence in all three cases, a signal is issued to allow access to a paid service and an invoice is generated that is sent through a telephone operator to the client, and the required amount is debited from his current or credit account (by a signal from the output of payment execution block 11).

In the proposed system, the coincidence of all three parameters (phone number, code and password entered by the user) is checked.

It would be possible to limit ourselves to just dialing the code that is displayed on the screen, and comparing this code with that received through the telephone line from the subscriber. The service code is generated by the computer 7 of the operation center in response to a user’s request for access and intention to pay for the service via telephone and is individual (that is, it cannot be transferred simultaneously to another user by another similar request). When you dial this code and send it over the telephone channel and then compare it with that stored in the computer 7 that generated it, the address of the computer from which the request was made, the telephone number of the user (subscriber), and the service parameters are unambiguous. On the other hand, it is guaranteed that the user consciously confirmed the consent to payment, since in order to dial the code, he had to read the conditions and rules of access beforehand. Automatic identification of the phone number from which the code was dialed makes it possible to present an invoice and guarantee payment (if there is an appropriate legal and contractual base).

The user's phone number is automatically recognized by the telephone information receiving unit 6 and this, in principle, is sufficient to confirm payment and provide access to the service with this number. But at the same time, there is a small but non-zero probability of error. For example, if you do not confirm the phone number by dialing on the computer, then due to the possibility of an error in recognizing it, a conflict may arise when paying.

If you do not type a password, but confine yourself to only the other two parameters, then conflict situations are also possible. For example, there may be a situation where someone uses the phone without the consent of the owner. In this case, the password previously registered for this phone number (known only to the true owner) excludes this possibility.

Consider the possibility of using a similar scheme for settlements between subscribers of telephone operators. At the same time, a legal basis for mutual settlements should be provided, i.e. the relevant agreements are signed. Technically, the procedure is implemented according to a scheme similar to the previous one. The difference is that in order to make a payment to another person, the Internet user must indicate his phone number and the amount that he wants to transfer to his account on the screen of his computer. Then, after comparing all the data received via the Internet and the telephone line, a team is formed to transfer the specified amount to the recipient's account (it is stored in the user database of this settlement system), which is sent to the corresponding financial operator with which an agreement has been concluded. At the same time, a message is sent to the user's computer (and if necessary, if agreed in the contract, to the phone) confirming the operation. The same message is sent to the phone of the payee (as CMC or e-mail - letter).

In order to use these services in the absence of a computer, you can use the service of sending and receiving e-mail via the telephone provided by many operators, or the CMC message channel. In this case, all operations are carried out similarly, only the code is received on the phone’s display. The necessary parameters are also dialed (password, phone number, additional data). The considered option can be used to implement various kinds of payments, for example, for paid TV channels, housing payments, participation in electronic games (casinos, lottos, etc.). If there is an appropriate system of agreements between the telephone operator, the provider of the paid service and the banking institution in which the subscriber has an account, it is possible to practically provide any financial transactions and at the same time they will not require special equipment other than telephones.

The proposed system is especially effective for small payments, when you can use the simplest algorithm for their implementation, which does not require a set of payment data on a computer screen. At the same time, for the operation to be completed, it is necessary to dial the telephone number of the service provider, then, following the voice navigation, enter the user's password (known only to him personally, as well as stored in the database of the telephone operator), the telephone number of the beneficiary (payee), the transfer amount (or service code with fixed and known in advance value). To eliminate an error, the subscriber can at any time press a special character (*) and repeat the entire set from the beginning. The data that the subscriber dials is reflected on the telephone display. After completing the operation, he receives a CMC on his phone with confirmation of the operation. To increase reliability and security, you can require confirmation via the CMC channel in response to the transmitted message about the service.

The general technology of telephone payments is as follows.

A provider service center is being established where equipment for processing payer calls is installed. This center provides recognition of the telephone number of the caller, reception of the payer's PIN code, reception of other data necessary for the operation. After processing the data, a payment receipt is sent to the payer's phone (via the message channel), which contains data on the operation being performed. The payer confirms the payment, if agreed, and cancels if an error is detected. If necessary (making a large payment - more than a certain predetermined amount) of additional payment security measures, additional identification of the caller’s voice is introduced, for which he is invited to answer the security question. The response contains digital information known only to the registered owner, as well as some random code sent to the payer at the same time as the receipt for confirmation. All these measures exclude the possibility of an unauthorized payment, which can be made without the consent of the owner from his phone or by issuing a fake SIM card. The random code is automatically decrypted in the payer's phone using a pre-recorded decryption password. Due to this, the set of numbers dialed in response differs from that transmitted over the communication channel. This protects the operation from trying to simulate it with a fake SIM card. In this case, you need to fake not only a SIM card, but also a phone (that is, write the password and decryption algorithm into it, the same as in the provider's operations center, which is almost impossible). In general, recognition of the number of the device from which the call is made also protects against forgery of the SIM card. Another danger is an attempt to simulate a payment through Internet channels by intercepting data on current payments. Protection against this danger is carried out by sending to the CMC channel of the payer a certain number that will be decrypted by the recipient (the decryption code can be intercepted and calculated only with repeated interception), and if this code is made floating, the cost of such an operation is beyond reasonable. The proposed technical solution passed an experimental test and showed high reliability.

Claims (1)

A system for paying for services in a telecommunication network, comprising a user terminal and a telephone connected to its outputs, respectively, with the inputs of the user telecommunication information receiving unit and the user telephone information unit installed in the operation center, a database and a comparison unit, characterized in that the operation center is equipped with a processor, an identification code generator, an identification unit, a payment execution unit and a message confirmation generating unit, the first exit d, the unit for receiving telecommunication information of the user is connected to the input of the identification code generator, the output of which is connected to one of the inputs of the user terminal, the output of the processor of the operation center is connected to the other input, the first output of the unit for receiving telephone information of the user is connected to the first input of the payment execution unit, its second the output is connected in parallel to the inputs of the comparison unit and the database, and its third output is connected to the first input of the identification unit, to the second input of which the second the output of the user’s telecommunication information receiving unit, the outputs of the database and the comparison unit are included respectively at the third and fourth inputs of the identification unit, the output of the identification unit is connected in parallel to the resolution input of the operation center processor, to the second input of the payment execution unit and to the input of the message confirmation generating unit, output which is connected to the input of the user's telephone, while the user terminal, the user's telephone have connections to the network ernet.