TWI569168B - Mobile device application authentication system and method - Google Patents

Publication number
TWI569168B
Authority
TW
Taiwan
Prior art keywords
authentication
application
mobile device
dynamic password
server
Application number
TW104140473A
Other languages
Chinese (zh)
Other versions
TW201721502A (en)
Inventor
Hung Chi Chan
Yung Sheng Ku
Hong Peng Chen
Chun Chi Chen
Original Assignee
Chunghwa Telecom Co Ltd
Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Description

Mobile device application authentication system and method

The present invention relates to an authentication system and method, and more particularly to an application authentication system and method that performs dual authentication using both a one-time password and the identity of the mobile device.

A one-time password (OTP) is a protection mechanism now widely used in network security and commonly seen in online shopping flows. It is a method of verifying a user's identity: in most cases an OTP authentication center system issues a one-time password to the mobile device of the correct, or already bound, user so that the user's identity can be confirmed and the transaction then confirmed, which provides a security verification mechanism.

Authentication by logging in directly with an account name and password carries the risk that the password is stolen, and the one-time password mechanism arose in response: because a one-time password becomes invalid after it has been used once or after a set time limit, the risk of password theft is reduced. Many OTP-based verification methods exist today, for example obtaining the password through a telephone voice system or through an SMS text message. However, with the widespread use of smartphones and the steady advance of network technology, a one-time password can still be stolen in transit, or a malicious party may use other means to get in first or impersonate the user and authenticate with the one-time password. There is therefore a real need for a security mechanism and method under which, even if the one-time password is stolen, no one other than the original user can use it to authenticate.

The present invention proposes a mobile device application authentication system and method. It obtains subscriber identification information through the techniques used in the SMS delivery process, and then combines that subscriber identification information with an application on the mobile device to provide an authentication mechanism. This dual authentication addresses the security weaknesses of conventional one-time password (OTP) text messages. The invention is not limited to subscribers of a particular telecommunications operator and can provide cross-network authentication.

The mobile device application authentication system of the present invention mainly comprises an authentication server. The authentication server is connected through a network to an application client, which is installed on a mobile device. The authentication server receives an activation request and an authentication request from the application client and correspondingly generates a time-limited first dynamic password and a time-limited second dynamic password; each dynamic password is a one-time password (OTP).

The system further comprises a message delivery gateway server. The message delivery gateway server interfaces with Signaling System Number 7 (SS7) and sends text messages through MAP (Mobile Application Part); it also interfaces with the authentication server described above. The authentication server transmits the generated first dynamic password to the application client as an activation SMS through the message delivery gateway server, in response to the activation request from the application client. In the course of sending the activation SMS, the message delivery gateway server resolves and obtains the International Mobile Subscriber Identity (IMSI) of the mobile device of the application client to which the message is to be sent, and transmits it to the authentication server for storage. From then on the authentication server holds the identity data (MSISDN/IMSI) of the application client's mobile device.

After the application client receives the activation SMS and obtains the first dynamic password, it reads the International Mobile Subscriber Identity (IMSI) from the SIM card of its mobile device, or the International Mobile Equipment Identity (IMEI) of the mobile device, and encrypts the IMEI or IMSI with the received first dynamic password to produce the authentication request. The application client then transmits the authentication request to the authentication server. The authentication server receives the authentication request and authenticates it by comparison with the IMSI it has stored and the first dynamic password it originally generated. After authentication succeeds, the authentication server generates the second dynamic password and transmits it to the application client, and also stores the IMSI from the SIM card of the application client's mobile device or the IMEI.

The application client thereby obtains the second dynamic password. The application client uses it either for time-limited, one-time security authentication at a commerce website, or, when it later connects to the authentication server, to encrypt its IMSI or IMEI and produce another authentication request.

Based on the system architecture above, the mobile device application authentication method of the present invention comprises the following steps:
1. An application client transmits an activation request to an authentication server through a network; the authentication server receives the activation request from the application client through the network;
2. The authentication server generates a first dynamic password;
3. The authentication server transmits the first dynamic password to the application client as an activation SMS through a message delivery gateway server;
4. In the course of sending the activation SMS, the message delivery gateway server obtains the International Mobile Subscriber Identity of the application client's mobile device;
5. The message delivery gateway server transmits the International Mobile Subscriber Identity of the application client's mobile device to the authentication server;
6. The authentication server stores the International Mobile Subscriber Identity of the application client's mobile device;
7. The application client receives the activation SMS;
8. The application client uses the first dynamic password to encrypt the International Mobile Subscriber Identity in the SIM card of its mobile device or the International Mobile Equipment Identity, producing an authentication request;
9. The application client transmits the authentication request to the authentication server;
10. The authentication server receives the authentication request;
11. The authentication server authenticates the authentication request by comparison with the internally stored International Mobile Subscriber Identity and the first dynamic password;
12. After authentication, the authentication server generates a second dynamic password and transmits it to the application client;
13. The application client uses the second dynamic password for security authentication at a commerce website; and
14. The application client uses the second dynamic password to encrypt the International Mobile Subscriber Identity in the SIM card or the International Mobile Equipment Identity, producing another authentication request.

With the system and method of the present invention, authenticating the one-time password against the IMSI recorded in the system guards against situations such as a lost mobile device being misused, and authenticating the one-time password against the IMEI recorded in the system guards against a software backup of the mobile device being misused.

100‧‧‧Application client

200‧‧‧Authentication server

300‧‧‧SS7 gateway server

400‧‧‧Home location register

500‧‧‧Switching center server

600‧‧‧E-commerce website

FIG. 1 is a first schematic diagram of the mobile device application authentication method of the present invention together with the system architecture.

FIG. 2 is a second schematic diagram of the mobile device application authentication method of the present invention together with the system architecture.

The invention is further described below through an embodiment with reference to the drawings. Refer first to FIG. 1, the first schematic diagram of the mobile device application authentication method together with the system architecture. A user connects through the application client 100 to the e-commerce website 600 to shop, and the e-commerce website requires a one-time password (OTP) authentication procedure. The user enters the mobile number (Mobile Subscriber International ISDN number, MSISDN) in the application client 100, which transmits it to the authentication server 200 to request the authentication procedure. On receiving the request, the authentication server 200 generates a time-limited one-time password OTP1 and sends an OTP1 short message (Short Message, SM) through the SS7 (Signaling System Number 7) gateway server 300. The gateway server 300 uses the SRI-SM (Send Routing Information) interface of MAP2 (Mobile Application Part 2) to obtain from the home location register 400 the International Mobile Subscriber Identity (IMSI) of the subscriber's number, and transmits the IMSI to the authentication server 200 for storage. The gateway server 300 also delivers the OTP1 short message to the mobile device of the application client 100 through the Mobile Switching Center Server (MSCS) 500.

After receiving the OTP1 short message, the user enters the OTP1 one-time password into the application client 100. The application client 100 uses OTP1 to encrypt the International Mobile Subscriber Identity (IMSI) of the SIM card and the International Mobile Equipment Identity (IMEI) of the handset, both read from the mobile device, and transmits the result to the authentication server 200 for authentication. The authentication server 200 performs the comparison using the IMSI it previously obtained for the subscriber's number. If authentication fails, the authentication server 200 returns an authentication-failure message to the client. If authentication succeeds, the authentication server 200 generates a second one-time password, OTP2, and returns it to the application client 100; the authentication server 200 also stores the IMSI, IMEI and MSISDN obtained for this mobile device for later re-authentication. The user obtains the second one-time password OTP2 from the application client 100 and can enter it at the e-commerce website 600 to complete the authentication procedure, so that the user can shop smoothly and securely.

Refer next to FIG. 2, the second schematic diagram of the mobile device application authentication method together with the system architecture. This scenario continues from the steps of FIG. 1. Once the application client 100 has obtained the second one-time password OTP2, OTP2 can be treated as a token. The application client 100 can store OTP2 for use when it later logs in to the authentication server again. When authentication is needed again, the application client 100 encrypts the IMSI and IMEI of the mobile device with OTP2 and transmits them to the authentication server 200. The authentication server 200 performs the comparison using the IMSI and IMEI previously obtained for this mobile device together with OTP2, and then returns a message indicating whether authentication passed (Success/Fail) to the application client 100.
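The exchange of FIG. 1 and FIG. 2, as an added Python sketch that is not part of the patent. The patent names no cipher, so `seal` substitutes an HMAC-SHA256 tag keyed by the OTP for "encrypting with the dynamic password", with the IMEI sent alongside the tag; the six-digit OTP, the 300-second lifetime, the dictionary standing in for the HLR lookup, and all class, function and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

OTP_TTL = 300  # seconds; the patent only says "time-limited" (value assumed)


def new_otp() -> str:
    """Six random digits; the OTP length is an assumption of this sketch."""
    return f"{secrets.randbelow(10**6):06d}"


def seal(otp: str, imsi: str, imei: str) -> str:
    """Stand-in for "encrypt IMSI/IMEI with the dynamic password": an HMAC tag.

    A short OTP is a low-entropy key, so the request is still assumed to
    travel over a protected channel.
    """
    msg = f"{imsi}|{imei}".encode()
    return hmac.new(otp.encode(), msg, hashlib.sha256).hexdigest()


class AuthServer:
    """Authentication server 200 with the gateway's IMSI lookup folded in."""

    def __init__(self, hlr: dict):
        self.hlr = hlr      # MSISDN -> IMSI; models the SRI-SM query to HLR 400
        self.pending = {}   # MSISDN -> (OTP1, IMSI, expiry)
        self.bound = {}     # MSISDN -> {"imsi", "imei", "token"}

    def activate(self, msisdn: str, now: float) -> str:
        """Handle an activation request; the return value models the SMS text."""
        otp1 = new_otp()
        imsi = self.hlr[msisdn]   # learned from the network, not from the app
        self.pending[msisdn] = (otp1, imsi, now + OTP_TTL)
        return otp1

    def authenticate(self, msisdn: str, imei: str, tag: str, now: float):
        """Return OTP2 on success, None on failure."""
        entry = self.pending.pop(msisdn, None)   # single use, even on failure
        if entry is None:
            return None
        otp1, imsi, expiry = entry
        if now > expiry or not hmac.compare_digest(tag, seal(otp1, imsi, imei)):
            return None
        otp2 = new_otp()
        self.bound[msisdn] = {"imsi": imsi, "imei": imei, "token": otp2}
        return otp2

    def reauthenticate(self, msisdn: str, tag: str) -> bool:
        """FIG. 2 flow: OTP2 acts as a token bound to the stored IMSI and IMEI."""
        b = self.bound.get(msisdn)
        if b is None:
            return False
        return hmac.compare_digest(tag, seal(b["token"], b["imsi"], b["imei"]))


def demo() -> dict:
    # Constructed sample identifiers, not real subscriber data.
    msisdn, imsi, imei = "+886900000001", "466920000000001", "350000000000001"
    other_imsi, other_imei = "466920000000002", "350000000000002"
    server = AuthServer({msisdn: imsi})
    results = {}

    # 1. OTP1 is entered on a device whose SIM is not the one the network resolved.
    otp1 = server.activate(msisdn, now=0)
    results["wrong_sim"] = server.authenticate(
        msisdn, other_imei, seal(otp1, other_imsi, other_imei), now=10)

    # 2. The same OTP1 cannot be retried: the failed attempt consumed it.
    results["replay"] = server.authenticate(msisdn, imei, seal(otp1, imsi, imei), now=11)

    # 3. A correct request that arrives after the time limit.
    otp1 = server.activate(msisdn, now=100)
    results["expired"] = server.authenticate(
        msisdn, imei, seal(otp1, imsi, imei), now=100 + OTP_TTL + 1)

    # 4. The enrolled handset and SIM: OTP2 is issued.
    otp1 = server.activate(msisdn, now=1000)
    results["legit"] = otp2 = server.authenticate(msisdn, imei, seal(otp1, imsi, imei), now=1010)

    # 5. Re-authentication with the OTP2 token, then the same token on another handset.
    results["reauth"] = server.reauthenticate(msisdn, seal(otp2, imsi, imei))
    results["restored_backup"] = server.reauthenticate(msisdn, seal(otp2, imsi, other_imei))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The server never takes the IMSI from the application: it recomputes the tag with the IMSI the network returned for the MSISDN, which is the binding the description relies on.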

The detailed description above specifically describes a preferred embodiment of the present invention. The embodiment is not intended to limit the patent scope of the invention; any equivalent implementation or modification that does not depart from the spirit of the invention shall be included within the patent scope of this case.

Through IMSI and MSISDN authentication, the system and method of the present invention can identify the SIM card binding status of the application client's mobile device.

Through IMEI and MSISDN verification, the system and method of the present invention can identify the binding status of the application client's mobile device.

The mobile device application authentication system and method of the present invention provide a secure one-time password (OTP) dual authentication mechanism. Authenticating with both the identity of the user's mobile device and the one-time password reliably solves the security problem of a one-time password being stolen and misused.

In summary, the present invention is innovative in its technical concept and provides several effects that the prior art does not. It fully meets the statutory requirements of novelty and inventive step for an invention patent, and this patent application is filed in accordance with the law; the Office is respectfully requested to approve this invention patent application to encourage invention.

Claims (7)

1. A mobile device application authentication system, comprising: an authentication server that receives, through a network, an activation request and an authentication request from an application client, the authentication server generating a first dynamic password and a second dynamic password; and a message delivery gateway server that interfaces with the authentication server, the authentication server transmitting the first dynamic password to the application client as an activation SMS through the message delivery gateway server in response to the activation request, and the message delivery gateway server obtaining, from the sending of the activation SMS, the International Mobile Subscriber Identity of the mobile device of the application client and transmitting it to the authentication server for storage; wherein the application client generates and transmits the authentication request by encrypting, with the first dynamic password, the International Mobile Subscriber Identity in the SIM card of its mobile device or the International Mobile Equipment Identity, the authentication server receives the authentication request and authenticates it by comparison with the internally stored International Mobile Subscriber Identity and the first dynamic password, the authentication server stores the information in the authentication request, and the authentication server generates the second dynamic password and transmits it to the application client.

2. The mobile device application authentication system of claim 1, wherein the second dynamic password is used by the application client for security authentication at a commerce website, or is used by the application client for encryption to produce another authentication request.

3. A mobile device application authentication method, comprising the following steps: an authentication server receives, through a network, an activation request from an application client; the authentication server generates a first dynamic password; the authentication server transmits the first dynamic password to the application client as an activation SMS through a message delivery gateway server; the message delivery gateway server obtains, in the course of sending the activation SMS, the International Mobile Subscriber Identity of the mobile device of the application client; the message delivery gateway server transmits the International Mobile Subscriber Identity of the mobile device of the application client to the authentication server; the authentication server stores the International Mobile Subscriber Identity of the mobile device of the application client; the authentication server receives an authentication request, the authentication request being produced by the application client encrypting, with the first dynamic password, the International Mobile Subscriber Identity in the SIM card of its mobile device or the International Mobile Equipment Identity; the authentication server authenticates the authentication request by comparison with the internally stored International Mobile Subscriber Identity and the first dynamic password; the authentication server stores the International Mobile Subscriber Identity in the SIM card of the mobile device of the application client, or the International Mobile Equipment Identity, contained in the authentication request; and the authentication server, after authentication, generates a second dynamic password and transmits it to the application client.

4. The mobile device application authentication method of claim 3, further comprising the steps of: the authentication server receives another authentication request, the other authentication request being the International Mobile Subscriber Identity in the SIM card of the mobile device of the application client, or the International Mobile Equipment Identity, encrypted with the second dynamic password; and the authentication server authenticates the authentication request by comparison with the internally stored International Mobile Subscriber Identity and the first dynamic password.

5. A mobile device application authentication method, comprising the following steps: an application client transmits, through a network, an activation request to an authentication server; the application client receives an activation SMS, the activation SMS being the message by which the authentication server transmits a first dynamic password through a message delivery gateway server; the application client encrypts, with the first dynamic password, the International Mobile Subscriber Identity in the SIM card of its mobile device or the International Mobile Equipment Identity to produce an authentication request; the application client transmits the authentication request to the authentication server; and the application client receives a second dynamic password, the second dynamic password being generated by the authentication server upon authenticating by comparing the International Mobile Subscriber Identity or International Mobile Equipment Identity in the authentication request with the International Mobile Subscriber Identity of the mobile device obtained by the message delivery gateway server in the course of sending the activation SMS.

6. The mobile device application authentication method of claim 5, further comprising the step of: the application client uses the second dynamic password for security authentication at a commerce website.

7. The mobile device application authentication method of claim 5, further comprising the step of: the application client uses the second dynamic password for encryption to produce another authentication request.
Priority Applications (1)

Application Number Priority Date Filing Date Title
TW104140473A TWI569168B (en) 2015-12-03 2015-12-03 Mobile device application authentication system and method

Publications (2)

Publication Number Publication Date
TWI569168B true TWI569168B (en) 2017-02-01
TW201721502A TW201721502A (en) 2017-06-16

Family

ID=58608325

Country Status (1)

Country Link
TW (1) TWI569168B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685739A (en) * 2011-12-08 2012-09-19 北京高森明晨信息科技有限公司 Authentication method and system for Android enterprise applications
TWM495053U (en) * 2014-07-18 2015-02-01 Chunghwa Internat Comm Network Co Ltd Smart phone device of generating one-time password (OTP) and identity validation
US20150149336A1 (en) * 2013-11-27 2015-05-28 Apple Inc. Provisioning of credentials on an electronic device using passwords communicated over verified channels
TW201528170A (en) * 2014-01-09 2015-07-16 Mxtran Inc Authorizing server, authorizing method and computer program product

Also Published As

Publication number Publication date
TW201721502A (en) 2017-06-16

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees