SE0950411A1 - Method of secure transactions - Google Patents

Description

BRIEF DESCRIPTION OF THE DRAWINGS e The present invention will be more fully understood from the detailed description of embodiments given below and the accompanying drawings, which are given by way of illustration only and are thus not limiting of the present invention, in which: Fig. 1 shows schematic communication between transaction parties according to an embodiment of the present invention.

Fig. 2 schematically shows communication between a plurality of transaction parties according to an embodiment of the present invention.

Fig. 3 schematically shows the steps according to a method for securing transactions according to an embodiment of the present invention.

DETAILED DESCRIPTION OF EMBODIMENTS In the following description, for explanatory and non-limiting purposes, specific details are set forth, such as specific techniques and applications, to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other cases, detailed description of well known methods and devices is omitted so as not to obscure the description of the present invention with unnecessary detail.

An embodiment of the present invention will now be described with reference to fig. 1-3.

To secure all links in a transaction, the first step is to install 1 an I. user transaction software in a portable radio communication device 10 of a first transaction party in a secure manner, whereby a user is securely identified and linked to the installation. A secure way is, for example, at a bank branch or other known party, to install the user software in the portable radio communication device of the first transaction party or to provide a memory card or similar device with an installation program for the first transaction party thereon. The user's identity for the portable radio communication device is checked in connection with the installation or delivery of the user software of the user transaction software.

Instead of checking the identity directly at a bank branch or other known, a party can for example a registered letter sent to the intended user can be used to link the user transaction software to an account at a bank or other party, such as a credit card account, a user account, an electronic wallet. etc. Another secure way to install the user transaction software is to verify the identity of the intended user in the case of, for example, an authentication. Finally, an Internet bank branch or similar party, through a secure connection, for example an https connection, installs the user transaction software in the portable radio communication device of the first transaction party. The identity of the owner of the portable radio communication device is checked in connection with the installation by, for example, PlN. Finally, the user transaction software is linked to an account in a bank or other party, such as a credit card account, a user account, an electronic wallet, etc.

The user transaction software is provided with a means of communicating a pre-designated transaction server 12, by a number of transaction servers, when secure transactions are performed. Information about which account a user transaction software is linked to can be pre-distributed directly to the pre-defined transaction server or retrieved by the predefined transaction server from the first transaction party whenever a transaction is to take place. Account balance and similar checks are preferably performed before each completion of a transaction. is preferably given a reply to it text message, such as an SMS, with a download URL to that mobile phone number, i.e. a so-called over-air installation (OTA installation). By following that link in the mobile phone, the user transaction software is installed in the mobile phone. To first When a secure Internet installation mobile number to the distribution site, which sends a start the application running by the user transaction software, an activation code is entered, given by the distribution site. Furthermore, a PlN is also required to run to run the application.

When a transaction 13 is to take place, the other transaction party being Internet-based, such as an authenticated secure Internet site 11 for a merchant or a secure login, the transaction comprises the following steps. The user of the laptop ie. the first transaction party, associate the transaction party with the predefined transaction server. The first transaction party radio communication device, selects a "transaction" part in the user transaction software so that the first 10 activates itself, through an encrypted / encrypted wireless communication, on the pre-communicated transaction server 12, which pre-transacted transaction server 12 thereby sets the first transaction party 10 in an active transaction state in the predetermined transaction server 12. the active transaction state on the predetermined transaction server 12 until the first transaction party 10 requests an inactive transaction state. Alternatively, the first transaction party 10 will be put into an inactive transaction state by the dedicated transaction server 12 after a time lapse. Furthermore, the first transaction party 10 preferably remaining in the pre-communicated transaction server 12 may also put the first transaction party 10 in an inactive state after completion of a transaction. By waiting for a request before the first transaction party is put in an inactive state, the advantage is obtained that the user can perform fl your subsequent transactions without having to re-select the "transaction" part of the user transaction software. However, this is preferably combined with a time limit which gives the advantage that the user does not forget to put the portable radio communication device in an inactive transaction state, which would be risky if another person gets hold of the portable radio communication device. From a secure perspective, it would be advantageous to put the first transaction party in an inactive transaction state even after a transaction has been completed. The first transaction party then initiates the transaction by requesting 2, through an encrypted / encrypted wireless communication, a transaction identity of the predefined transaction server. The wireless communication can be performed, for example, by GPRS, 3G data, Wi-Fi or WiMAC, all of which have some kind of built-in identity verification, and also infrared or Bluetooth, which, however, are anonymous and the added transaction server would respond by sending 14 a transaction identity to the may first require some identity verification. The predefined transaction party, which transaction identity is unique throughout the transaction but is preferably reusable after completion of the transaction, advantageously immediately after completion of the transaction, ie. when the transaction receipt has been sent.

The Transaction Identifier to a Sedan This advertising may optionally include a link to the predefined transaction server, the pre-defined transaction server 12 announces intermediate transaction routers 17. in addition to the transaction identity of a transaction associated with the first transaction party. The transaction identity in this case refers to a transaction that the first transaction party processes to commit to.

Instead of transaction identifiers, it may request that the intermediate transaction router 17 create the predefined transaction server 12 create a transaction identifier, which is then sent to the first transaction party. An advantage of having the intermediate transaction router create the transaction identifier is that two different transaction servers do not risk creating the same transaction router. When the transaction servers create the transaction identifiers, the transaction identifiers that can be confused with the intermediate one are preferably limited to a defined interval, whereby the intermediate transaction router can be sure that two different transaction servers do not create the same transaction identity.

The first transaction party enters 3 the returned transaction identity at the merchant's secure Internet site 11, i.e. the other party to the transaction 11. The other. the transaction partner 11 connects to a known transaction partner 16, such as a POS terminal, by a plurality of possible transaction partners, to activate itself on the pre-defined transaction server 12. To remove the need to provide the transaction with contact information to the pre-specified transaction server, it does not know the other transaction party how to communicate with the pre-assigned transaction server but only the intermediate transaction router 17. A device 16 of the second transaction party therefore connects to the intermediate transaction router 17. It therefore sends a verification request to the intermediate transaction router 17 regarding the received transaction identifier to be the first transaction party. This request is here a request intended for the dedicated transaction server 12 unknown to the other transaction party. This verification request is then received by the intermediate transaction router 17, which continues and the transaction identity indicated in the verification request. It then forwards the identifier of the predefined transaction server 12 based on the request to the predefined transaction server 12. In fact, from this time onwards, it forwards all the transaction identity involved in communication regarding the transaction between the pre-defined transaction server 12 and the other the transaction party, to allow the other transaction party to communicate with the predefined transaction server to verify the use of the transaction identity.

The predefined transaction server 12 receives the verification request from the intermediate transaction router 17. It also receives information about the transaction associated with the transaction identity, preferably encrypted. 17 is used to connect the pre-designated transaction server 12 and the known transaction partner 16, so that the Intermediate transaction router second transaction party 11 can activate itself thereon. The second transaction party 11 activates itself on the predefined transaction server 12, which predefined transaction server 12 thereby puts the second transaction party 11 in an active transaction state in The transaction party sends 4, 15 then information about the transaction associated with the predefined transaction server 12. the second transaction identity to the pre-defined transaction identity the transaction server 12, preferably encrypted. The activation and the subsequent transaction information can also be performed in one action, so that the transmission of transaction information to the predefined transaction server also puts the other transaction party in an active transaction state on the predefined transaction server. Transaction information from the other transaction party that is sent with one transaction may vary, but typically includes the name of the other transaction party and the transaction amount, and possibly also the product name, of a purchase. The name of the other transaction party can alternatively be extracted from the login of the other transaction party to the system instead of being sent together with the transaction, to ensure that such information is not distorted. This is usually done through a land line, but can also be done via wireless communication. The other transaction party has previously registered an account in the forwarded transaction server, in a manner similar to that performed for the first similar transaction party it is not necessary to give to the second transaction party and vice versa, the transaction party. Account information and information for the first because such information is known by the predefined transaction server, and thus such information should not be given to the other transaction party and vice versa.

The predefined transaction server 12 identifies the first transaction party through the unique transaction identity sent by the second transaction party and preferably requests, through an encrypted / encrypted wireless communication, a verification of the first transaction party of the transaction information associated with the transaction identity.

The user transaction software requests, for example, a PIN as verification of the transaction information, such as the name of the other transaction party and the transaction sum. The verification is returned, through an encrypted / encrypted wireless transaction server connected to communication, to the pre-defined transaction identity. 10 15 20 25 30 35 40 After verification from the first transaction party, the forwarded transaction server completes the transaction associated with the unique transaction identity and sends a transaction receipt to both the first transaction party, through an encrypted / encrypted wireless communication, and the second transaction party. The transaction is completed only provided that the accounts of both the first transaction party and the second transaction party accept the transaction.

The transaction has been described with a portable radio communication device as the first transaction party and a merchant as the second transaction party. However, the reverse is also possible whereby the merchant requests a unique transaction identity from the intermediate transaction router, in this case preferably through a land line. Alternatively, the merchant requests a unique transaction identity from its own transaction server, which is then embedded on the intermediate transaction router.

The unique transaction identity is then communicated to the merchant's portable radio communication device, which portable radio communication device activates itself on the configured transaction server with the unique transaction identity it has received from the merchant. The managed transaction server then announces this unique transaction identity on which it can link the radio communication device and the merchant thereto. However, the transaction information between the transaction router, so that the portable link to the unique transaction identity is retransmitted from the merchant to the predefined transaction server, which, through wireless communication, sends the transaction information linked to the unique transaction identity to the portable transaction linked to the still radio communication device. . the unique transaction identity is verified by the portable radio communication device through a user verification, which verification associated with it is sent to that transaction server. The transaction associated with the unique transaction identity is completed, the unique transaction identity is then predefined based on the information of the transaction and the unique transaction identity, and a transaction receipt of the completed transaction is sent from the predefined transaction server to the first and second transaction parties. Also in this reverse procedure, both transaction parties have individually put themselves in an active transaction state on the predefined transaction server. Without both parties to the active transaction state, the transaction will not be completed.

A similar method can be used for, for example, Internet banking login or other types of secure logins or secure authentication. Instead of requesting a transaction identity from the predefined transaction server, a predefined identity is used, both the transaction server and the intermediate transaction router, such as a social security number known by the first transaction party, the predefined account number or the like. The user of the first transaction party preferably enters the assigned identity at the second transaction party and thereby initiates the login at the second transaction party. Alternatively, the first and second transaction parties are, for example, equipped with electronic communication means providing the possibility for the first transaction party to enter the pre-defined identity at the second transaction party without the user having to perform it manually. The user of the first transaction party also selects a "secure login" part of the user transaction software to connect the portable radio communication device to the pre-designated transaction server, thereby placing the first transaction party in an active transaction state on the pre-specified transaction server.

The other transaction party connects to a known transaction partner, such as a POS terminal, to activate itself on the predefined transaction server. A 17 is used to interconnect the predetermined transaction server 12 and the known transaction partner 16 so that the second intermediate transaction router transaction party 11 can activate itself thereon. Upon receipt of the pre-defined identity at the other transaction party, the other transaction party puts itself in an active transaction state on the pre-defined transaction server and requests a verification associated with the login of the pre-defined transaction server, based on the predefined identity. The forwarded transaction server checks that the portable radio communication device corresponding to the forwarded identity is connected to the forwarded transaction server, at least by checking that the first transaction party is in an active transaction state on the forwarded transaction server. The maintained transaction server preferably requests an additional verification associated with the login from the first transaction party, or alternatively checks that the portable radio communication device of the first transaction party is on, which is performed without any active action from users thereof.

The verification in the portable radio communication device is, for example, a PIN. The predefined transaction server will, when both transaction parties are in the active state, or after verification when used, send a verification to the second transaction party confirming that the portable radio communication device has been verified, which will allow login of the first transaction party to the first transaction party. In this case, no PlN or other password has been transmitted via Furthermore, the transaction server and the other transaction party. The other party receives only one Internet connection. PIN has not been transferred between the confirmed confirmation that the identification has been verified. Transactions at the other transaction party can then be performed as previously described.

The intermediate transaction router 17 has been described as connecting the predetermined transaction server 12 and the known transaction partner 16, and thus it can also connect a number of predetermined transaction servers 12 and a number of known 16 to each other. Furthermore, there may also be a number of intermediate transaction routers, typically one intermediate transaction router per country. Transaction partners Examples of various transactions are, for example, point-of-sale transactions (POS transactions), person-to-person transfers (P2P transfers), micropayments, person-to-machine transactions (vending machine transactions), secure identification, electronic identification, secure authentication, etc.

It is obvious that the present invention can be varied in a number of different ways.

Such variations should not be construed as departing from the scope of the present invention, as defined by the appended claims. All such variations as would be apparent to one skilled in the art are intended to be included within the scope of the present invention as defined by the appended claims.

Claims (16)

10 15 20 25 30 35 40 PATENT REQUIREMENTS A method of a secure transaction utilizing a portable radio communication device (10) comprising the steps of: - initiating, by wireless encrypted communication, said portable radio communication device on a pre-configured transaction server (12), which portable radio communication device is thereby placed in an active transaction state as a primary user said portable radio communication device has been installed by an authentication service provider, a user securely being a transaction party on said pre-defined transaction server, one identified and linked to the installation, - initiating, through a transaction identity, a transaction (13) between said first transaction party using said usable software radio communication device and a second transaction party (1 1) using a service provider software, arranged transaction server (12), which second transaction party is thereby put in an active - initiating said second transaction party on said transaction state on said predefined transaction server, said second transaction party accessing said predefined transaction server via an intermediate transaction router, - sending (15) information about said transaction - linked to said transaction identity from said second transaction predefined transaction server, - identifying said first transaction party and said second transaction party on said predefined transaction server by said transaction identity and checking that said first transaction party and said second transaction party are in said active transaction state on said pre-defined transaction transaction server, and said information about said transaction and said transaction identity. A method according to claim 1, comprising the steps of: - sending (14, 15) a transaction receipt for the completed transaction linked to said transaction identity from said pre-designated transaction server to said first and second transaction parties. The method of claim 1 or 2, wherein said transaction identity is created by said pre-designated transaction server at the request of said first transaction party 'and sent to said first transaction party and advertised on said intermediate transaction router. The method of claim 3, wherein said transaction identity is a unique transaction identity and is the transaction receipt has been sent. A method according to any one of claims 1-4, wherein said transaction identity is reusable for another transaction after being communicated and known by said transaction server and said first transaction party. A method according to any one of claims 1-5, comprising the steps of: transmitting (14), by wireless communication, said information about said transaction linked to said transaction identity, transferred transaction server to said first transaction party, wherein the transmission is encrypted, from said - verifying said transaction linked to said transaction identity at said first transaction party by a user verification (6), and ~ - transmitting (14), by wireless communication, verifying linked to said transaction identity from said first transaction party to said transduced services, wherein the transmission is encrypted. The method of claim 6, wherein said verification is performed by entering a personal identification number into said portable radio communication device. The method of claim 1 or 2, wherein said transaction identity is created by said intermediate transaction router at the request of said predefined transaction server, in turn requested by said first transaction party and sent to said first transaction party via said predefined transaction server. Method for a secure transaction using a portable radio communication device (10) comprising the steps of: - installing (1) a user transaction software in said portable radio communication device (10) through an authenticated service provider, whereby a user is securely identified and linked to the installation, - initiating , through a common unique transaction identity, a transaction (13) between a first transaction party using said user transaction software in said portable radio communication device and a second transaction party using a service provider software, - communicating (14), by wireless communication, said unique transaction identity between said first transaction identity and a pre-defined transaction server (12), the communication being encrypted, - transmitting (15) information about said transaction associated with said unique transaction identity from said second transaction party to said predefined transaction servers said second transaction party accessing said predefined transaction server via an intermediate transaction router, - transmitting (14), via wireless communication, said information about said transaction linked to said unique transaction identity from said pre-defined transaction server to said first transaction party, wherein , - verifying said transaction linked to said unique transaction identity at said first transaction party through a user verification (6), - transmitting (14), via wireless communication, verifying linked to said unique transaction identity from said first transaction party to said forwarded transversal transcripts , and - completing said transaction associated with said unique transaction identity based on said information about said transaction and said unique transaction identity. 10. » The method of claim 9, comprising the steps of: sending (14, 15) a transaction receipt of the completed transaction associated with said unique transaction identity from said predefined transaction server to said first and second transaction parties, said first transaction party and said second transaction party having have been connected to said predefined transaction server throughout the transaction. The method of claim 9 or 10, wherein said unique transaction identity is reusable for another transaction after the transaction receipt has been sent. The method of any of claims 9-11, wherein said unique transaction identity is created by said predefined transaction server at the request of said first transaction party and advertised on said intermediate transaction router. A method according to any one of claims 9-11, wherein said transaction identity is predefined. A method according to any one of claims 9-11, wherein said unique transaction identity is created by said second transaction party. A method according to any one of claims 9-14, wherein said verifying is performed by entering a personal identification number in said portable radio communication device. A method according to any one of claims 9-11, wherein said transaction identity is created by said intermediate transaction router at the request of said pre-defined transaction server, in turn at the request of said first transaction party and sent to said first transaction party via said predefined transaction server.