RU2433475C2 - Procedure for identifying and authenticating customers during online payments using mobile telephones - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: operation method of a mobile terminal device during a payment procedure comprises the following steps: selecting the payment method, sending the necessary data, providing the user with an operation identification code, the user sending the identification code via a mobile telephone to an authorisation and processing centre, receiving a MSISDN, a mobile telephone equipment identifier and an operation identifier code, wherein the MSISDN is also sent as an identification characteristic, informing the user on successful reception of the code at the mobile telephone or user computer, setting up a secure Internet connection between the user computer and a web server in order to select the payment instrument and send a personal identification number, activating a connection with a financial institution in order to authorise payment, confirming the payment operation of the user, sending data to the online store of the vendor and to the financial institution.

EFFECT: improved user identification, high security during online payments.

5 cl, 10 dwg

Description

FIELD OF THE INVENTION

The presented invention in a General sense relates to a system for exchanging data on financial transactions between a point of sale on the Internet, a mobile terminal device and an authorization and processing center.

BACKGROUND

Mobile telecommunications technology is unprecedented worldwide success. Never before in history has high technology achieved market penetration in such a short period of time. On the other hand, the popularity of the Internet continues to grow due to the abundance of information, services, commercial applications and entertainment available on the Internet resources used by visitors.

However, in order to gain access to most of the most useful information and the most useful services while maintaining an acceptable level of security, users must remember the ever-increasing number of usernames, passwords, personal identification numbers (PINs / PINs), etc. For services requiring additional security, such as electronic commerce, mobile commerce, virtual banking, etc., the use of passwords or PIN codes as means of identification or authentication is not sufficient. Stronger identification and authentication tools are required.

Today's Internet payment systems employ various methods of identification and authentication. For example:

- username and password

- pre-generated security codes

- certificates

- Enter the confirmation code received through the short message service (SMS).

Some payment systems use SMS to identify a customer. The payment service sends a confirmation code to the client’s mobile phone. He enters the code in a web browser and the system identifies it. Methods of this type are inconvenient for customers, because the procedures are complex, time consuming and incomprehensible. In addition, users may think that their mobile phone numbers may be used.

In the present invention, an approach is proposed that contributes to services related to the security of communications of mobile networks and the Internet. As previously described in document WO-0233669, entitled “SYSTEM FOR PAYMENT DATA EXCHANGE AND USED IN IT PAYMENT TERMINAL”, the presented invention focuses on security services in mobile phones using GSM smart cards, in particular, in subscriber identity modules ( SIM).

This description describes a mobile payment scenario in which a payment transaction carried out on the Internet is carried out by using a combination of mobile communication channels and interconnection.

Among other types of identification and authentication methods, the proposed method for identifying a client and enabling him to carry out secure payment transactions is the fastest and easiest.

SUMMARY OF THE INVENTION

One of the objects of the present invention is the identification and authentication of a user to make payments on the Internet online using a mobile phone.

In accordance with the invention, a payment system and procedure is provided.

In accordance with the invention, there are presented: a system with many partners with the characteristics of claim 10, a client in the client-server network with the characteristics of claim 11, a hybrid client in the system with many partners with the characteristics of claim 13, a server in the network 1 client -server with the characteristics of clause 15, the method of functioning of the mobile terminal device in the payment procedure with the characteristics of clause 16, the method of functioning of the mobile terminal device during identification and authentication of the user during the aforementioned step The reliable procedure with the characteristics of claim 17, a program code containing a computer program product, a computer-readable medium, a modulated data signal or a computer data signal, each of which is designed to perform one of the above methods, is presented in paragraphs 22, 23, 24, respectively , the operation data exchange system with the characteristics of claim 25, and the participant in the operation data exchange system is presented with the characteristics of claim 26.

Other aspects of the invention are presented in other claims, in the following description, and also in the drawings.

The remaining characteristics are an integral part of the described methods and products or will be obvious to specialists in this field of technology from the following detailed description of embodiments and the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Below will be described by way of example embodiments of the invention with reference to the accompanying drawings, in particular:

Figure 1 is a structure of a system with a web interface in accordance with one embodiment of the invention.

Figure 2 is a structure of a system with a WAP interface in accordance with another embodiment of the invention.

Figure 3 is a diagram of the identification and authentication of the client through the aforementioned web interface in accordance with one embodiment of the invention.

FIG. 4 is a diagram for identifying and authenticating a client through the aforementioned WAP interface in accordance with another embodiment of the invention.

5a-5c are a block diagram in which a PIN code is entered after identifying a client in accordance with one embodiment of the invention.

6a-6c are a block diagram in which a pin code is entered prior to identifying a client in accordance with one embodiment of the invention.

Figure 1 illustrates the structure in accordance with one embodiment of the invention.

User 1, as a rule, is a client located at a personal computer (PC) 2, and which, for example, displays an application using a web browser and which has a mobile terminal device 3 having, for example, a WAP interface.

The aforementioned PC 2 is connected via an interface component to the Internet 5 via connection 4, for example, via an information transmission channel. On the other hand, the mobile terminal device 3 has a detachable connection through an interface component to the mobile communication network 16 through the connection 17. The user PC 2 and its mobile terminal device 3 form a hybrid communication node 18.

The virtual web store 7 of the seller is connected to the aforementioned Internet 5 through a connection 6. On the other hand, an APC (authorization and processing center) 8 having subsystems is also connected to the aforementioned Internet 5 through a connection 12. The subsystems of the aforementioned APC 8 are a web server 9 , the gateway 10 of the mobile network and the data server 11.

The aforementioned mobile communication network 16 is connected to the aforementioned gateway 10 of the mobile communication network of the aforementioned APC 8 through a connection 13.

The above data server 11 is connected to the financial institution 15 through a separate connection 14.

The aforementioned user 1 is registered with APC 8 and has a valid mobile payment tool (Diners, Master, Euro, Amex, Visa cards, etc.) issued by financial institution 15.

At the moment, in accordance with an embodiment of the present invention, for example, the following function is performed: user 1 browses on his PC 2 the Internet application 7 of the seller’s store via the Internet 5.

After the user 1 has finished making purchases, services, or also the payment procedure, operate as follows.

The first step is to choose a payment method in the Internet application 7 of the seller’s store, which makes it possible to conduct a mobile payment.

After that, the Internet application 7 of the seller’s store activates the payment application of the web server 9 of the authorization and processing center.

Then, the seller’s online application 7 transfers to the APC 8 all the necessary data on the payment transaction, such as the amount, reference account number, etc.

After that, the web browser displaying the payment application 9 of the APC web server for the user on his PC receives the operation identification code that is generated in APC 8.

After receiving the operation identification code on the PC 2 via a web browser, the user must send this operation identification code via his mobile phone 3 to APC 8, more precisely, to the gateway 10 of the APC mobile communication network. The task of the APC gateway 10 is to obtain the MSISDN (Mobile Subscriber’s ISDN Number), the equipment identifier of a particular mobile phone 9, which is also sent as an identification characteristic when using mobile phone 3, and an operation identification code.

In the next step, the APC 8 informs the user 1 about the successful receipt of the operation identification code through his mobile phone 3, through the web browser of the user's PC 2, or through both of them.

Next, the Internet connections 4, 12 are set up as secure connections between the user's PC 2 and the APC web server 9. Secure encrypted communication allows user 1 to securely select a payment instrument in application 9 of the APC web server and securely transfer the PIN code associated with the payment instrument to APC 8.

On the APC 8 side, data connection 14 is activated with a financial institution in order to authorize a payment instrument.

If authorization on the side of the financial institution (issuer) 9 is successful, then the last step is to issue confirmation of the payment transaction to user 1 through his web browser. This completes the payment operation on the Internet for user 1.

After that, all the necessary data about the operation is recorded in the APC data server 11, and, in addition, all the necessary data is sent to the seller’s Web store 7 and to the data platform of the financial institution 15.

The advantage of using such a hybrid means by using a mobile terminal device 3 and PC 2 is the possibility of using several options, for example, using two different communication methods, that is, bidirectional communication, or using different interface standards, such as Internet protocols or WAP, to execute applications.

The aforementioned electronic payment application, considered as a whole, is distributed among several participants, for example, is a system of four partners, with each of the partners or participants, for example the aforementioned user, hybrid means of communication formed by a mobile terminal device and a personal computer, the aforementioned Web the store, the aforementioned APC and the aforementioned financial institution can receive and process incoming information, send and forward outgoing information ation, satisfying the requirements of the corresponding interface standard used for the corresponding communication method, for example, in the relevant frequency range or optimized channel.

Each participant in the aforementioned partner system provides means, for example, for receiving, forwarding, relaying, processing and filtering messages, including intermediate memory, storage or scheduling strategies in accordance with a standard software application.

On the one hand, the environment of a mobile terminal device has limited or different resources, taking into account, for example, network bandwidth, display, memory, processor, stored available energy in connection with the achieved operating time and input / output terminals compared to a PC.

Also, mobile device users have limited I / O capabilities, for example, a small alphanumeric input unit or a small display device, which is a consequence of the external dimensions of the devices.

Secondly, the normal context for using so-called wireless applications running on the aforementioned mobile terminal device is very different from the context of network and Internet applications running on a personal computer.

Thirdly, existing network connections, usually over-the-air, are not only much slower due to atmospheric effects on the transmission channels and due to transmission properties, such as channel loading aspects and signal-to-noise ratios, but are also more expensive.

However, in this case, in the field of Internet payments, most of the characteristics of a mobile terminal device, for example, its size compared to the size of a personal computer, immediately become a big advantage when used together, for example, through collective or additional use of transmission channels, taking into account the requirements applications.

According to an embodiment of the present invention, when performing a payment operation, on the one hand, it is required to transmit a small amount of very important information with a maximum level of security, while the use of a mobile terminal is preferable, and, on the other hand, it is also necessary to transmit a large amount of information with relatively low importance, while a personal computer is preferred.

Thus, the mobile device is ideally suited as a complement to a personal computer, go even as a powerful full-featured stand-alone solution.

Thus, by using a mixed type of communication to perform additional tasks that are specific to the payment application, the aforementioned application is formed by distributed execution in the system with the support of several participants, which allows us to offer an improved way to identify users when making Internet payments.

On the one hand, the aforementioned method of payment is innovative due to the interaction of partners in the system due to low costs in terms of common tasks and the range of issues addressed by the respective partner. The system is easy to maintain and provides an increased level of security at a relatively moderate cost.

On the other hand, the aforementioned method is convenient and simple for the user to perform and does not overload the user with details of the operation that are not of interest.

FIG. 2 illustrates a modification of FIG. 1 in accordance with another embodiment in which only the aforementioned mobile terminal device 3 is present. However, it has the aforementioned connection 4 to the aforementioned Internet network 5 and the aforementioned connection 17 to the aforementioned mobile communication network 16.

To some extent, FIG. 2 is a concentrated version of FIG. 1 in the sense that the hybrid communication of FIG. 1 is now carried out by only one device, such as a mobile terminal device, using various interface standards. In a further embodiment, the mobile device offers the same or comparable functionality to a personal computer, that is, in this case, the mobile device and the personal computer are interchangeable or work the same.

Figure 3 illustrates a diagram of possible options for identification and authentication of the user using the web interface.

The operation identifier generating unit 35 is connected or combined with the web reception unit 40.

The above reception unit 40 is connected to the identifier sending units 50, 55, or 60 via a web browser interface 45.

The identifier sending units 50, 55 or 60 are connected via the mobile phone interface to the APC operation data receiving unit 70.

The aforementioned receiving unit 70 is connected to the receiving units 80, 85 or 90 via the mobile phone interface 72. Also, block 70 is connected to web reception block 95 via a web browser interface 74.

In a first step 35, the APC generates an operation identifier code.

Then, at step 40, the client obtains the operation identifier code through a web browser.

Via a web interface 45, a user is presented with a message (not shown) with a choice of sending an operation identifier code from his mobile terminal device.

Then the client sends (45) from its mobile terminal device, for example, using the web browser interface, the operation identifier code

- through the USSD service, step 50, or

- by entering the operation identifier code, step 55, or

- the client sends the operation identifier code in the SMS message, step 60.

This operation identifier code is sent from the aforementioned mobile terminal device to the APC via the mobile phone interface, as indicated by the symbol 65.

At step 70, the operation identifier code is received on the APC side and the client is identified and authenticated by starting the appropriate procedures.

The client then receives a message on its mobile terminal device through one of the following options:

- through the USSD service, step 80, or (and)

- listens to the message during a call through IVR (interactive voice response), step 85, or (and)

- receives an SMS message, step 90, via the mobile phone interface 72, indicating whether identification and authentication was successful or not.

It should be noted that combinations of the above steps are also possible, including confirmations (not shown), which are shown in the form of “or (and)”.

Also, as an alternative or as a supplement to the information message about whether authentication and authentication was successful or not, the user receives information through a web browser, step 95, through the web interface 45.

Figure 4 illustrates a diagram of possible options for identifying and authenticating a user using a WAP interface.

The operation identifier generating unit 35 is connected or integrated with the WAP reception unit 42.

The above reception unit 42 is connected to one of the identifier sending units 50, 55 or 60 via the WAP browser interface 48.

The identifier sending units 50, 55 or 60 are connected via the mobile phone interface 64 to the APC operation data receiving unit 70.

The aforementioned receiving unit 70 is connected to the receiving units 80, 85 or 90 via the mobile phone interface 76. Also, block 70 is connected to WAP reception block 98 via a WAP browser interface 78.

As shown in FIG. 4, the same user identification occurs as shown with the same conventions as in FIG. 3.

However, instead of the web browser interface, the WAP browser interface is used to provide the user with the operation identifier code, which is shown in step 42 with the symbol 48. To the same extent, the WAP browser interface is used to inform the user in step 98, 78.

In FIG. 4, user information can be provided through two different interfaces transmitting information to the aforementioned WAP browser, 48 or 78, as well as via a mobile phone interface 64 or 76. Also, each of the aforementioned interfaces may be provided with various security levels or transmission methods, etc.

Therefore, it is possible to transmit messages using different transmission channels with different transmission characteristics and with different interfaces.

It should also be noted that a combination (not shown) of such interfaces as a web browser, a WAP browser or a mobile phone interface is also possible. Thus, the use of any combination of various standards of interfaces or data transfer means is provided in accordance with the requirements of a distributed application.

From a functional point of view, in FIG. 3 and FIG. 4, respectively, a client connected to the APC web server 9 to make a payment over the Internet receives a limited-duration operation identifier.

In addition, the user will also receive instructions through his web / WAP browser on how and where to send the operation identifier code via his mobile device. All this will be shown to the client in his web or WAP browser according to 40 or 42, respectively.

During the procedure for the user to send the operation identifier code back to the gateway 10 of the APC mobile network via the mobile device 3, the user's MSISDN is recorded on the APC side according to 70.

The MSISDN is an identifier for the equipment of an individual mobile radio equipment, which is also sent as an identification characteristic when using the equipment. In the invented procedure, there are three different options or methods, according to 50, 55 or 66, sending a user an operation identifier code to the gateway 10 of the APC mobile network. Assume that the gateway 10 of the APC mobile network has some short digital number, for example, “180”, then the following scenarios are possible:

- The client sends the operation identifier code via USSD (* 180 * code # _ operation identifier)

- The client dials the operation identifier code with the dialing prefix (180 operation_id_code)

- The client sends the operation identifier code in an SMS message (sms "operation_identifier_code" to 180)

Possible transfers of the operation identifier code differ from each other - the first uses the USSD service of the mobile operator. The second option uses a simple dialing prefix, which means that the client dials only the APC number with the addition of an n-bit operation ID code number.

APC receives the call and recognizes the dialing prefix number, which is the operation ID code number. In the latter embodiment, an SMS message is used to transmit the transaction ID code number to the APC.

When the operation identifier code is successfully transmitted to the APC, the next step is to identify and authenticate the client.

If this part of the entire procedure is completed successfully, the user will receive further instructions necessary to complete the payment through a web / WAP browser, USSD, SMS, IVR or a combination of all possible means of communication, shown as 80, 85 and 90 through interfaces 72, 74 , 76 and 78.

Otherwise, when the client is denied authentication, the client receives information about this through one of the possible communication channels (web browser, WAP browser, USSD, SMS or IVR).

It should be understood that the type of output channel for informing the user about the status of his identification and authentication (for example, through the USSD, IVR, SMS service, steps 80, 85 and 90, respectively) may depend on the type of the selected input channel according to steps 50, 55 and 60 , or a programmable default value may be applied.

By comparing the user information in steps 40 and 70 with respect to the type of browser interface used, namely 45 or 74 for the web browser, respectively, it may be possible to select different security levels or transmission methods, etc. with the same interface standard.

But it is also possible to choose different levels of security, suitable coding and transmission methods among various interface standards, in this case, safe message transmission is possible using a combination of two different transmission methods with different transmission characteristics.

Since payment instruments are usually protected by a pin code, the inventive payment procedure also includes two scenarios for implementing the transfer of a pin code.

Case 1 - PIN code is entered after identification

After the customer has finished making purchases in the Web Store through a web / WAP browser, the next step is to pay. Assume that the customer is a registered user of the mobile payment tool, protected by a PIN code. In this case, a procedure for identifying a client using a mobile phone before making a real payment is shown (Figs. 5a-5c). This diagram shows that the pin code is requested after the user has been identified.

The phases are explained in FIGS. 5a-5c, starting with FIG. 5a:

Phase 1: Customer Selects Internet Payment Method

The customer collects the goods in the shopping basket and proceeds to the calculation, step 110. Here he must choose the payment method - the method of Internet payment.

Then, at step 120, the Merchant’s web store redirects the customer to the APC web page and passes, at step 130, the necessary order information (which retailer, which account number and price, etc.).

Phase 2 - the client selects a mobile operator

The APC web server stores the information received from the Web store at step 140 and asks the customer to select their mobile operator (mobile operators have different prefixes, so the instructions are based on which mobile operator the client chose). The message is displayed in the client’s web or WAP browser at step 150. Information about which mobile operator the client selected at step 160 is then transmitted back to the APC web server at step 170.

All information collected by the web server in step 180 is then forwarded to the APC in step 190 (numbers 9, 10 and 11; FIG. 1 and FIG. 2).

Phase 3 - Generate Operation ID Code

The APC generates an operation identifier code at a time-limited step 200 (this prevents the exhaustion of APC identification codes).

At this point, 200 APC determines the dialing code and prefix (for USSD, dialing and SMS) depending on the mobile operator of the client and generates a USSD code for the client.

Phase 4 - the client receives a USSD code or number to dial

The code is transmitted from APC to the APC web server in step 210, where instructions were generated in step 200 and displayed for the client (via a web or WAP browser) in step 220.

The client at step 230 has the option not to use the default payment instruments, and can choose another instrument (via a dialing prefix or an additional code).

Phase 5 - the client sends a USSD code or sends an SMS (containing an identifier code) or dials a number

The client then follows the instructions and, at step 240, sends the operation identifier code displayed in its web or WAP browser. The operation identifier code is transmitted from the client’s mobile phone to the APC mobile gateway at step 250 by sending a message that the APC receives at step 260.

Phase 6 - The client receives a response from APC

The APC at step 270 checks whether the operation identifier code (shown to the client) has been sent to the APC.

No: Authentication failed

If the operation identifier code was not sent on time (before the operation identifier code expired), then at step 300, the APC informs the mobile operator that the identifier was not sent correctly. The client receives a message in his web or WAP browser, step 310, that the number was not sent correctly. The client must repeat the procedure, namely steps 320-390, by entering Phase 7 and then returning to step 190 of Phase 3.

Phase 7 - Client Identification Failed

At 320, a user is expected to press the Next button. At 330, a status is requested from the aforementioned APC by the aforementioned web server of the aforementioned APC. Then, at step 340, a message is sent from the aforementioned web server of the aforementioned APC to the aforementioned APC asking if the identifier is correct. At step 350, the web server of the aforementioned APC is informed by the aforementioned APC that the number has not been sent correctly. Next, at step 360, a message is sent indicating that the identifier was not received from the aforementioned APC to the aforementioned web server of the aforementioned APC. At step 370, the user is informed that the number has not been sent correctly, and the user is prompted from the aforementioned web server of the aforementioned APC to repeat the procedure. At step 380, a message is issued that the aforementioned user receives in his web or WAP browser stating that the number was not sent correctly if the operation identifier code was not sent before the expiration of the above operation identifier code. Then, at step 390, the user waits for the Next button to be pressed. The procedure is repeated by moving the user to Phase 3, step 190 (Fig. 5a).

Yes: Authentication completed successfully - Go to Phase 9

If the transaction identifier code would be sent to APC, then the mobile subscriber and the Internet client are compared. At 280, the APC informs the mobile operator that the identifier number was sent correctly. The client receives a message that the identification was successful at step 290 and proceeds to step 400 of Phase 8 (Fig. 5b).

Phase 8 - Status Requested

The APC checks the status of the identifier (steps 410-430).

In more detail, at step 400, the user waits for the user to press the Next button, and then a determination is made whether the subscriber of the mobile operator corresponds to the Internet client. Next, in step 410, the aforementioned APC web server requests a status from the aforementioned APC. At 420, a message is sent from the aforementioned web server of the aforementioned APC to the aforementioned APC asking if the identifier is correct. At step 430, the aforementioned APC checks to see if the aforementioned identification has been successful, and then the user is asked to enter a PIN code for the selected account.

Phase 9 - Request a PIN from the client

At step 435, the APC issues a request to the client to enter a PIN code for the selected payment instrument. At step 440, the client enters a PIN code in its web or WAP browser, which is sent to the APC at step 450.

In more detail, the request from the user for a personal identification number is performed at step 430. After that, at step 435, the user is prompted to enter a personal identification number of the selected payment instrument. At step 440, the PIN code is entered by the user in his web or WAP browser. At 450, a message is sent from the mobile terminal device to the aforementioned web server of the aforementioned APC, in which the aforementioned personal identification number is transmitted. At step 460, the web server receives the APC from the aforementioned user of the PIN code, which is then transmitted to the aforementioned APC. At step 470, a message is sent from the web server of the aforementioned APC to the aforementioned APC to transmit the aforementioned pin code. The execution and processing of the payment of the required size by the payment tool of the aforementioned user is carried out by the aforementioned authorization and processing center at step 475.

Phase 10 - pin code verification.

If the pin code is correct, then go to Phase 11, step 560; if it is not correct, then go to Phase 9, step 440; then the PIN code is verified directly by APC or transferred from APC to a financial institution.

In the event that at step 480 the pin code was sent to a financial institution, then at step 500, the correctness of the pin code and other information is checked.

If the pin code is incorrect, then the information is sent to the APC at step 510. The APC at step 540 informs the client of the input of the wrong pin code and asks the user to enter the correct pin code, step 550.

If the pin code is correct, then the financial institution checks the customer balance in Phase 11, step 560.

More details (Phase 10), at step 480, a message is sent from the aforementioned APC to the aforementioned financial institution in order to transfer transaction data, including an account number, personal identification number and price. The aforementioned financial institution obtains the aforementioned transaction data at step 490. At step 500, the financial institution checks whether the personal identification number is correct.

If the pin code is correct (yes), processing continues in Phase 11, step 560. If it is not correct (no), then at step 510, an error message is sent from the aforementioned financial institution to the aforementioned APC stating that the aforementioned the pin is invalid. At step 520, the aforementioned error message is transmitted or forwarded from the aforementioned APC to the aforementioned web server of the aforementioned APC.

At step 530, an error message is sent from the aforementioned APC to the aforementioned web server of the aforementioned APC, indicating that the personal identification number is incorrect. The receipt of the aforementioned error message and informing the user of the incorrect pin code is performed by the aforementioned web server of the aforementioned APC at step 540. At step 550, the user is prompted to re-enter the personal identification number. At 550, a message is displayed to the user that the PIN code he entered is incorrect. At this step 550, the user is also prompted to re-enter his PIN code. After step 550, the processing returns to Phase 9, step 440 (Fig. 5a).

Phase 11 - the user's account balance is checked at step 560. In general, if the balance is insufficient, the client can repeat the procedure for choosing the type of payment by going to Phase 1.

If the balance is insufficient, then information about this is sent to APC. APC informs the user about the balance status of his account, and asks him to choose another type of payment.

If the balance is sufficient, information about this is sent to APC at step 650. More details, at step 560, the financial institution checks whether the account balance is sufficient to make the payment. If the answer is “no” (account balance is insufficient), the financial institution sends an error message to APC to inform and indicate that the account balance is insufficient to make the payment. At step 580, the APC transmits the aforementioned error message from the aforementioned APC to the aforementioned web server of the aforementioned APC. At step 590, an error message is sent from the aforementioned APC to the aforementioned web server of the aforementioned APC informing that the account balance is insufficient to make the payment. At 600, the aforementioned web server of the aforementioned authorization and processing center receives the aforementioned error message containing an account balance state, and informs the user. At 610, an error message is displayed to the user. Also at step 610, the user is given the opportunity to select another type of payment (payment instrument). It is possible that the client has an account whose balance is sufficient for the operation. Next, at step 620, the user selection is checked. If the user has chosen to refuse the payment, the processing stops at block 630. If at block 640 the user selects another type of payment, the process returns to Phase 1 to block 100 by going to the beginning. If the answer is yes (an account with sufficient balance), the processing proceeds to Phase 12, where it continues at step 650.

Phase 12 - Client Payment Confirmation

Briefly, APC asks the client to confirm the order at step 680. The client confirms the payment at step 700. First, at step 650, a message is sent from the financial institution to APC to inform that the account balance is sufficient to make the payment. Then, at step 660, the aforementioned message is sent from the aforementioned APC to the aforementioned web server of the aforementioned APC. At step 670, a message is sent from the aforementioned APC to the aforementioned web server of the aforementioned APC to inform that the account balance is sufficient to make the payment. The receipt of the aforementioned message and the request from the aforementioned user to confirm his payment is performed at step 680 by the aforementioned web server of the aforementioned authorization and processing center. At block 690, a payment is pending confirmation by the user. Finally, the payment process ends at step 700 after receiving confirmation from the aforementioned user.

Case 2 - PIN code is entered before identification

In this case, the procedure (Figures 6a-6c) of identifying a client using a mobile phone before making a real payment is shown. This diagram shows that a PIN code is requested before the client has been identified. There is a difference in phases 9 and 10 shown in FIGS. 5b and 5c in that the process moves from the last step of Phase 8 (430) to the first step of Phase 10 (480).

Phase 10 - PIN Code Check

At step 480, a message is sent from the aforementioned authorization and processing center to the aforementioned financial institution to transmit transaction data, including account number, personal identification number, and price;

obtaining the aforementioned transaction data by the aforementioned financial institution is carried out at step 490, and at step 500, the validity of the personal identification number is carried out;

if the pin code is correct (yes), the processing proceeds to Phase 11, step 560, otherwise, at step 510, an error message is sent from the aforementioned financial institution to the aforementioned APC containing information that the aforementioned pin code (personal identification number) is incorrect. An error message is sent at step 520 from the aforementioned APC to the aforementioned APC web server.

Then, at step 530, an error message is sent from the aforementioned APC to the aforementioned APC web server containing information that the aforementioned pin code is incorrect.

At block 540, the APC web server receives an error message and informs the user of the incorrect pin code. At step 550, the user is prompted to re-enter the PIN code.

Then, at step 550, a message is displayed to the user that the entered personal identification number is incorrect, and it is proposed to re-enter his PIN code, after which the processing returns to Phase 9, step 440.

Phase 9 - PIN Code Request

At step 440, the user enters a PIN code in his web or WAP browser.

Then, at 450, a message is sent from the mobile terminal device to the aforementioned web server of the aforementioned APC to transmit the aforementioned personal identification number.

The APC web server in step 460 receives the pin code from the user and transfers it to the APC.

At 470, a message is sent from the APC web server to the aforementioned APC to transmit the aforementioned pin code; processing continues in Phase 8, final step 430.

Claims (5)

1. The method of functioning of the mobile terminal device in the payment procedure, comprising the steps at which
choose a payment method in the online application of the virtual Web store (7);
activate the web server application (9) of the authorization and processing center (8) for making a payment;
transmit all necessary data on the payment transaction from the aforementioned Internet application of the aforementioned virtual Web store (7) to the aforementioned authorization and processing center (8), while the aforementioned transaction data includes the amount and reference account number;
provide the user with an operation identifier code,
wherein the web browser displays for the user a server application of the aforementioned authorization and processing center (8), and the aforementioned operation identifier code is generated in the aforementioned authorization and processing center (8);
sending the aforementioned identifier code by a user via his mobile phone (3) to the gateway (10) of the mobile network of the aforementioned authorization and processing center (8);
receive the MSISDN (service subscriber digital network number), equipment identifier of the aforementioned personal mobile phone (3) and the operation identifier code, while the aforementioned MSISDN is also sent as an identification characteristic, and the aforementioned mobile phone (3) is used by the aforementioned gateway (10 ) the mobile network of the aforementioned center (8) authorization and processing;
inform the user (1) using the aforementioned authorization and processing center (8) about the successful reception of the operation identifier code via his mobile phone (3) or a web browser on the PC (2) of the aforementioned user (1) or both;
establish secure Internet connections (4, 12) between the aforementioned PC (2) of the user (1) and the aforementioned web server (9) of the aforementioned authorization and processing center (8) to allow the aforementioned user (1) to make a secure choice of a payment instrument in the application of the aforementioned web server (9) of the aforementioned authorization and processing center (8) and securely transfer the personal identification number attached to the aforementioned payment instrument to the aforementioned authorization center (8) and processing;
activating the aforementioned connection (14) with a financial institution (15) on the side of the aforementioned authorization and processing center (8) to authorize the aforementioned payment;
confirm the payment transaction of the user (1) through his web browser in case of authorization confirmation by the aforementioned financial institution (15) and / or the aforementioned web server (9) of the aforementioned authorization and processing center (8);
write down all the necessary data about the operation on the aforementioned data server (11) of the aforementioned authorization and processing center (8) and, in addition, send all the necessary data to the aforementioned Web store (7) of the seller and the data platform of the aforementioned financial institution (15). 2. A method for the operation of a mobile terminal device in identifying and authenticating a user of the aforementioned payment procedure, comprising the steps of:
generate (35) using the aforementioned center (8) authorization and processing operation identifier code;
accepting the aforementioned operation identifier code through a web browser (40, 45) or a WAP browser (42, 48) of the mobile terminal device;
sending the above-mentioned operation identifier code (65, 64), wherein the step of sending the above-mentioned operation identifier code (45; 48) is performed by the unstructured supplementary services data service (50) or by dialing the operation identifier code (55) by the user or by sending the code (60) of the operation identifier in SMS;
accepting the aforementioned operation identifier (70) on the side of the aforementioned authorization and processing center and identifying and authenticating the user; and
transmit to the user a message (80) about whether the identification and authentication was successful or not, while the step of transmitting to the user (72; 76) is performed by the data transfer service (80) of unstructured additional services or by listening to the message during the call (85) through an interactive voice response or by receiving a short message service message (90), or by receiving information through a web browser (95, 74) or a WAP browser (98, 78), or by a combination of the above ennoy. 3. The method of functioning of a mobile terminal device in identifying and authenticating a user of the aforementioned payment procedure if a personal identification number is entered after identification, comprising the steps of
(Phase 1) enter the payment process (100) upon the transition of the aforementioned user to the settlement with his shopping basket;
choosing, using a user, an online payment method (110); redirect the user (120) to the web page of the aforementioned authorization and processing center using the aforementioned seller of the virtual Web store and send a message (130) from the virtual Web store to the aforementioned authorization and processing center to transmit the necessary order information, while the aforementioned information Includes seller’s name, account number and cost;
(Phase 2) store information (140) received from the aforementioned virtual Web store by the aforementioned web server of the aforementioned authorization and processing center and request the user to select their mobile operator;
transmitting a message (150) displayed by the user's web or WAP browser;
select the desired mobile operator (160) using the aforementioned user and wait for the user to click the "Next"button;
sending a message (170) from the aforementioned mobile terminal device back to the aforementioned web server of the aforementioned authorization and processing center in order to transmit information about which mobile operator was selected by the user;
forward all the collected information (170) of the aforementioned web server of the aforementioned authorization and processing center to all subsystems of the aforementioned authorization and processing center;
(Phase 3) send a message (190) in order to provide ready-to-enter information containing the aforementioned selected mobile operator, the name of the Web Store website, the aforementioned account number and the aforementioned cost;
generating a time limited operation identifier code (200) using the aforementioned authorization and processing center using the above information;
find the dialing code and prefix (200) using the aforementioned authorization and processing center based on the user's mobile operator;
generating an unstructured supplementary services data code (200) for the aforementioned user;
(Phase 4) send a message (210) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center to provide the user with the aforementioned unstructured additional services code or dialing number;
displaying (220) the generated code of unstructured additional services or a set number and a plurality of payment instruments to the user using the web server of the aforementioned authorization and processing center;
provide the user with an additional opportunity (230) not to use default payment instruments and provide an additional opportunity to select another payment instrument from among a plurality of payment instruments;
(Phase 5) enter the requested information (240) displayed on the web or WAP page using the aforementioned user on the mobile terminal device of the aforementioned user by following the instructions;
sending a message to transmit the aforementioned operation identifier code (250) displayed by the web user or WAP browser of the aforementioned user from the aforementioned mobile terminal device of the user to the aforementioned mobile network gateway of the aforementioned authorization and processing center;
receive a request (260) from the aforementioned mobile operator subscriber containing an identifier number and an additional payment instrument number;
(Phase 6) check (270) with the aforementioned authorization and processing center, whether the operation identifier code (displayed to the aforementioned user) has been provided to the aforementioned authorization and processing center;
if (yes) the number was sent correctly and on time:
informing the mobile operator (280) using the aforementioned authorization and processing center that the identifier number has been sent correctly;
informing the user (290) that the authentication was successful, and asking the user to continue entering and follow the instructions;
continue processing (400) in Phase 8;
otherwise (no)
informing the mobile operator (300) using the aforementioned authorization and processing center that the identifier number has not been sent correctly;
informing the user (310) that the entered number was incorrect, and asking the user to continue entering and follow the instructions;
(Phase 7) identification failed
waiting for the user to click Next (320);
requesting status (330) from the aforementioned authorization and processing center using the aforementioned web server of the aforementioned authorization and processing center;
sending a message (340) from the aforementioned web server of the aforementioned authorization and processing center to the aforementioned authorization and processing center in order to request the correct identifier;
informing the web server (350) of the aforementioned authorization and processing center using the aforementioned authorization and processing center that the number has not been sent correctly;
sending a message (360) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center that the identifier has not been received;
informing the user (370) that the number has not been sent correctly and requesting the user to repeat the procedure using the aforementioned web server of the aforementioned authorization and processing center;
transmitting a message (380) to the aforementioned user to receive in his web or WAP browser that the number was not sent correctly if the operation identifier code was not provided before the expiration of the above operation identifier code;
Waiting for the user to press the Next button (390)
repeat the procedure by the user by going to Phase 3 (190);
(Phase 8) waiting for the user to click the Next button (400) and
mapping the user as a mobile subscriber to an online user;
requesting status (410) from the aforementioned authorization and processing center using the aforementioned web server of the aforementioned authorization and processing center;
sending a message (420) from the aforementioned web server of the aforementioned authorization and processing center to the aforementioned authorization and processing center in order to request the correct identifier;
continue (430) after the successful completion of the aforementioned identification using the aforementioned authorization and processing center and ask the user to enter his personal identification number for the selected account;
(Phase 9) request a personal identification number (435) from the user;
asking the user (435) to enter a personal identification number of the payment instrument of his choice;
enter a personal identification number (440) using the user in his web or WAP browser;
sending a message (450) from the mobile terminal device to the aforementioned web server of the aforementioned authorization and processing center in order to transmit the aforementioned personal identification number;
receive a personal identification number (460) from the aforementioned user using the web server of the authorization and processing center and transmit it (460) to the aforementioned authorization and processing center;
sending a message (470) from the web server of the aforementioned authorization and processing center to the aforementioned authorization and processing center for the purpose of transmitting the aforementioned personal identification number;
continue and verify (475) the payment of the necessary costs of the payment instrument of the aforementioned user using the aforementioned authorization and processing center;
(Phase 10) send a message (480) from the aforementioned authorization and processing center to the aforementioned financial institution for the purpose of transmitting transaction data, including an account number, a personal identification number and a cost;
accept (490) with the aforementioned financial institution the above transaction data and check (500) whether the personal identification number is correct;
if it is correct (yes) go to Phase 11 (560), otherwise
sending from the aforementioned financial institution to the aforementioned authorization and processing center a message (510) about the error that the aforementioned personal identification number is incorrect;
transmitting the aforementioned error message (520) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center;
sending an error message (530) stating that the personal identification number is incorrect from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center;
receiving the aforementioned error message and informing the user (540) of the incorrect personal identification number using the aforementioned web server of the aforementioned authorization and processing center;
issue to the user (550) a request for re-entering a personal identification number;
displaying a message (550) to the user that the personal identification number entered by him is incorrect and asking the user to re-enter his personal identification number;
returning to Phase 9, step 2 (440);
(Phase 11) check (560) whether the account balance is sufficient to pay;
if the balance is sufficient (yes), go to Phase 12 (650);
otherwise (no)
send an error message (570) from the financial institution to the authorization and processing center to inform that the account balance is insufficient to pay;
transmitting the aforementioned error message (580) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center;
send an error message (590) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center that the account balance is insufficient to pay;
receiving the aforementioned error message and notifying the aforementioned user (600) of the account balance state using the aforementioned web server of the aforementioned authorization and processing center;
displaying to the aforementioned user the aforementioned error message (610);
display to the aforementioned user the ability to select another type of payment and the ability to cancel the payment (610);
check user selection (620);
if the user has chosen to cancel the payment, then the processing is completed (630);
otherwise, if the user selects another type of payment (640), they return to Phase 1 (100);
(Phase 12) send a message (650) from the financial institution to the authorization and processing center to inform that the account balance is sufficient to pay;
transmitting the aforementioned message (660) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center;
send a message (670) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center to inform that the account balance is sufficient to pay;
receive the aforementioned message and request (680) using the aforementioned web server of the aforementioned authorization and processing center from the aforementioned user to confirm his payment;
awaiting payment confirmation (690) by the user;
and
exit the payment process after receiving a confirmation (700) from the aforementioned user. 4. The method according to claim 3, in the case when a personal identification number is entered prior to identification, while there is a permutation and change of Phases 9 and 10, the processing proceeds from the last step (430) of Phase 8 to the first step (480) of Phase 10 :
(Phase 10)
send a message (480) from the aforementioned authorization and processing center to the aforementioned financial institution for the purpose of transferring transaction data, including an account number, personal identification number and cost;
accept, using the aforementioned financial institution (490), the above transaction data and check (500) whether the personal identification number is correct;
if it is correct (yes), go to Phase 11 (560), otherwise
send an error message (510) from the aforementioned financial institution to the aforementioned authorization and processing center that the aforementioned personal identification number is incorrect;
transmitting the aforementioned error message (520) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center;
transmitting an error message (530) from the aforementioned authorization and processing center to the aforementioned web server of the aforementioned authorization and processing center that the aforementioned personal identification number is incorrect;
receiving the aforementioned error message and informing the user (540) of the incorrect personal identification number using the aforementioned web server of the aforementioned authorization and processing center;
issue a request to the user (550) for re-entering the personal identification number;
displaying to the user a message (550) that the personal identification number entered by him is incorrect and asking the user to re-enter his personal identification number;
returning to Phase 9, step 2 (440);
(Phase 9) enter a personal identification number (440) using the user in his web or WAP browser;
sending a message (450) from the mobile terminal device to the aforementioned web server of the aforementioned authorization and processing center in order to transmit the aforementioned personal identification number;
receiving a personal identification number (460) from the aforementioned user using the web server of the authorization and processing center and transmitting it to the aforementioned authorization and processing center;
sending a message (470) from the web server of the aforementioned authorization and processing center to the aforementioned authorization and processing center for the purpose of transmitting the aforementioned personal identification number; and
go to the last stage of Phase 8 (430). 5. A machine-readable medium storing program code, which when executed by a computer, instructs the computer to execute the method according to any of the preceding claims 1 to 4.

Images