US20150039508A1 - Efficient authentication of a user for conduct of a transaction initiated via mobile telephone - Google Patents

Efficient authentication of a user for conduct of a transaction initiated via mobile telephone Download PDF

Info

Publication number
US20150039508A1
US20150039508A1 US14/171,440 US201414171440A US2015039508A1 US 20150039508 A1 US20150039508 A1 US 20150039508A1 US 201414171440 A US201414171440 A US 201414171440A US 2015039508 A1 US2015039508 A1 US 2015039508A1
Authority
US
United States
Prior art keywords
user
telephone
server
message
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/171,440
Inventor
Lars Sigve Bilstad
Ole Vidar Hestás
Atle Hedløy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MobileAxept AS
Original Assignee
MobileAxept AS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MobileAxept AS filed Critical MobileAxept AS
Priority to US14/171,440 priority Critical patent/US20150039508A1/en
Assigned to MOBILEAXEPT AS reassignment MOBILEAXEPT AS ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BILSTAD, LARS SIGVE, HEDLØY, Atle, HESTAS, OLE VIDAR
Publication of US20150039508A1 publication Critical patent/US20150039508A1/en
Priority to US15/058,980 priority patent/US20170024741A1/en
Priority to US16/504,471 priority patent/US20200034843A1/en
Priority to US17/559,605 priority patent/US20220129898A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/42User authentication using separate channels for security data
    • G06F21/43User authentication using separate channels for security data wireless channels
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/04Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/72Subscriber identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • Software Systems (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computing Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and system for authenticating a user for conduct of a transaction initiated by the user via a data-enabled telephone is presented. Efficient use is made of keystrokes on the data-enabled telephone. The data-enabled telephone is capable of initiating telephone calls over a telephone network and of engaging in two-way data communication with a data server in a network and the server enables conduct of the transaction. Caller identification information is received at the server. The information is associated with a telephone call request initiated by the user via the data-enabled telephone to a service number. The caller identification provides basis for authentication of the user and the caller identification information received at the service number is used to address a message to the user. Included in such a message is a logon key for use by the user in accomplishing the transaction. Thus the user can use the logon key to enter into data communication with the server for conduct of the transaction.

Description

    TECHNICAL FIELD
  • This invention relates to authentication of transactions, and more particularly to authentication of transactions initiated via mobile telephone or other data-enabled telephone.
    • BACKGROUND ART
  • Numerous enterprises offer Internet, Intranet and Extranet services which require the user to authenticate him or herself to conduct a transaction, such as accessing a personal bank account, purchasing goods or services or accessing information which may have limited access for any number of reasons. Such transactions are often conducted over the World Wide Web.
  • Accomplishing transactions of this type using a mobile telephone (as defined below) is difficult. Many suppliers of such information wish to allow access to such World Wide Web access directly or via the Wireless Application Protocol (WAP), but limitations, among other things, of keyboards associated with mobile telephones pose obstacles to the user.
  • Although user-specific information, such as Caller ID, normally is sent with a call request from a telephone (including from a mobile telephone), no such unique identifier is sent with most standard WAP or web requests from mobile devices. Thus while a person receiving a phone call can typically use caller ID to determine from which telephone the call originates, a WAP or web server typically lacks data identifying specifically the mobile telephone or other device accessing its services.
  • As a result, existing methods to offer secure web sites normally includes more or less complex processes for the user to identify him or herself, for example by requiring an ID card of the user at a bank, or having the user send a signature as a response to a certified or registered mail letter before a first use, and then requiring use of a combination of a logon name or account number for identification and a password or PIN code for verification. In fact, account numbers or user names and PIN codes have become so frequent that users no longer are able to remember all their different identities and passwords. As a result, users often have to write down their different user names and password in a “secure” location, thus compromising security, or simply do not use the service.
  • Other methods include voice identification for identification and/or verification, or other types of biometric data readers, such as fingerprint.
  • Other methods include attaching special devices to the terminals to read credit cards or other user cards, maybe combined with a PIN code.
  • However, users find such known methods cumbersome and time consuming, particularly in the context of mobile telephones, since the small space allocated to the keyboard makes the entry of long strings difficult, particularly in response to dialogs in which the user is prompted to supply a series of responses that give passwords and user identifications, for example. Furthermore, in a mobile setting, the user may not have access to his or her “secure” storage of user names and password.
  • It is an object of the invention to provide method for user authentication and a related system in which a user may conduct a transaction whereby a user may conduct a transaction in a less cumbersome and less time consuming manner.
  • It is a further object of some embodiments of the invention to provide a method which can be used in a system incorporating a mobile setting in which a user may be authenticated in order to allow the user to perform a transaction.
    • SUMMARY OF THE INVENTION
  • Embodiments of the present invention provide ways of a authenticating a user for conduct of a transaction initiated by the user via a mobile telephone (or other data-enabled telephone) of the user in such a manner as to make efficient use of keystrokes on the telephone. Such embodiments may be implemented so as to reduce or eliminate the need for entering a user name or password. Furthermore, various embodiments facilitate activity by a user of a mobile telephone or other data-enabled telephone to easily and securely log on to a secure web or WAP site a minimum of codes and passwords to remember. Various embodiments take advantage of Caller ID data that are generated at a time a telephone user, including a mobile telephone user makes a telephone call.
  • In a method according to one embodiment of the present invention, the mobile telephone is capable of initiating telephone calls over a wireless telephone network and of engaging in two-way data communication with a data server in network. The data server, which may be implemented, for example, as a WAP server or a web server, enables conduct of the transaction. The method includes receiving caller identification information associated with a telephone call request initiated by the user via the mobile telephone to a service number. This caller identification information provides a basis for authentication of the user. The method further includes using the caller identification information received at the service number to address a message to the user, as well as including, in the message, a logon key for use by the user in accomplishing the transaction. Finally the method includes sending the message; so that on receipt of the message, the user may use the logon key to enter into data communication with the server for conduct of the transaction.
  • In further related embodiments, including in such message a logon key includes providing the logon key and service web-address as a hyperlink, e.g. on the form www.servicedomain.com/logon.asp?logonkey=XYZ, where www.servicedomain.com is the web site for the service, logon.asp is the specific logon page for the domain, and XYZ is the logon key. The logon key in a further embodiment identifies the user. Optionally, the logon key has a lifetime, for purposes of accomplishing the transaction, of less than a specified amount of time. The lifetime may, for example, be limited to less than 6 hours, or less then 1 hour. In further embodiments, the lifetime may be limited to a specific number of log-ons, e.g. one logon, or one log-on within a certain time frame, e.g. one logon and the logon must occur within one hour.
  • In yet further embodiments the message is a WAP push message. Optionally, the caller identifying information includes a telephone number of the mobile telephone.
  • In a further related embodiment, receiving and using the caller identification information is accomplished without answering the call request, so that a connection does not result from the call request. Alternatively, receiving and using the caller identification information includes answering the call request, so that a connection is established.
  • In yet another related embodiment, sending the message includes sending the message to the user's mobile telephone and, on receipt of the message, the user may use the logon key to cause the key to cause the mobile telephone to enter into data communication with the server.
  • In another embodiment, the invention provides a system for authenticating a user for conduct of a transaction initiated by the user via a data-enabled telephone of the user in such a manner as to make efficient use of keystrokes on the data-enabled telephone. Again, in this embodiment, the data-enabled telephone is capable of initiating telephone calls over a telephone network and of engaging in two-way data communication with a data server in a network. The data server enables conduct of the transaction. In this embodiment, the system includes a telephone server, associated with one or more service telephone numbers, for receiving caller identification information associated with a telephone call request initiated by the user via the data-enabled telephone to the service number. A specific service telephone number may be linked to a specific service, such as a donation service, or a specific service provider, such as a specific bank. The caller identification provides a basis for authentication of the user. The telephone server uses the caller identification information received at the service number to address a message to the user. The message includes a logon key for use by the user in accomplishing the transaction. The telephone server also sends the message. The embodiment also includes a data server for data communication with the data-enabled telephone of the user, accessible to the user upon use of the logon key by the user. In this embodiment, on receipt of the message, the user may use the logon key to enter into data communication with the data server for conduct of the transaction.
  • In a further related embodiment, wherein the data-enabled telephone is a mobile telephone. Optionally, the data server is a WAP server, and also optionally, the logon key is a hyperlink to a web site. In addition, the logon key may identify the user. Optionally, the logon key has a lifetime, for purposes of accomplishing the transaction, of less than a specified amount of time, which may be, for example, less than 6 hours, or less than 1 hour. Also optionally the logon key can be used a limited number of times for purposes of accomplishing the transaction, for example, only once, or only once and the logon must occur within a certain timeframe, for example, within an hour.
  • Also optionally, the message is a WAP push message. In a further related embodiment, the caller identifying information includes a telephone number of the mobile telephone. Optionally, the telephone server obtains the caller identification information without answering the call request, so that a connection does not result from the call request. Alternatively, the telephone server may obtain the caller identification information in the course of answering the call request, so that a connection is established following the call request.
  • In a further related embodiment, the data-enabled telephone may have preinstalled software which can automatically establish the connection for accomplishing the transaction, based on the message and the logon key.
  • An advantage of various embodiments is that they may be deployed without any software updates, downloads or other changes to the mobile telephone. Furthermore, embodiments may be implemented with more than one level of security, e.g. security based on Caller ID for medium sensitive data and operations, and an additional PIN code, for example, for more sensitive data and operations.
  • The present invention also includes a computer readable medium storing program instructions by which the method of the invention can be performed when the stored program instructions are appropriately loaded into one or more computers, and a system for implementing the method of the invention.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • A more complete appreciation of the invention and many of the attendant advantages thereof will be readily obtained as the same becomes better understood by reference to the following detailed description when considered in connection with the accompanying drawings, wherein:
  • FIG. 1 is a flow chart illustrating a method and system for user identification and verification according to an exemplary embodiment of the present invention;
  • FIG. 2 is a flow chart illustrating another method and system for a user identification and verification, according to another exemplary embodiment of the present invention;
  • FIG. 3 is a flow chart illustrating another exemplary embodiment of the invention;
  • FIG. 4 is a flow chart illustrating another exemplary embodiment of the present invention;
  • FIG. 5 is a flow chart illustrating a further exemplary embodiment of the present invention;
  • FIG. 6A is an exemplary screen shot according to an exemplary embodiment of the present invention;
  • FIG. 6B is another exemplary screen shot according to an exemplary embodiment of the present invention;
  • FIG. 6C is another exemplary screen shot according to an exemplary embodiment of the present invention;
  • FIG. 7A shows a typical mobile phone with keyboard to which embodiments of the present invention are applicable;
  • FIG. 7B shows a number keyboard of the mobile phone shown in FIG. 7A; and
  • FIG. 8 is a schematic illustration of a general purpose computer for performing the processes of the present invention, according to an exemplary embodiment of the present invention.
    •  DETAILED DESCRIPTION OF SPECIFIC EMBODIMENTS
  • Definitions. As used in this description and the accompanying claims, the following terms shall have the meanings indicated, unless the context otherwise requires:
  • A “data-enabled telephone” is a communication device that is able both to initiate telephone calls over a telephone network and to engage in two-way data communication with a data server (such as a WAP server or a web server) in a data communication network; The data communication network may be a computer network, a communication network, or any otherwise known network capable of transmitting digital information. A data-enabled telephone (an example of which is the French Minitel) may operate over a wired telephone network or may be a mobile telephone (as defined herein).
  • A “mobile telephone” is a personal communication device that is able both to initiate telephone calls over a wireless telephone network and to engage in two-way data communication with a data server (such as a WAP server or a web server) in a computer network; accordingly, the term “mobile telephone” includes a conventional cell phone having access to the World Wide Web directly or via the wireless application protocol (WAP) or internet access capability as well as an appropriately configured smartphone or a telephone-enabled personal digital assistant (PDA). A “mobile telephone” is therefore a species of a data-enabled telephone.
  • In an embodiment of the present invention, user identification and verification is achieved by a service provider providing a service telephone number (access number). E.g. the service provider may be a church or charity donation system, or a banking application. The charity may have its own service number, in order to allow its donors to donate money to the church. The charity may also provide other, specific telephone numbers for targeted gifts, e.g. for gifts to aid after a natural disaster. Similarly, the bank may provide a specific number for online, mobile banking.
  • In another embodiment of the invention, the service provider may service several charities, banks and other organizations, each with its own service access number or numbers. Such a service provider may be called a Service Implementer. Normally, the Service Implementer's customers are the Service Providers. For simplicity, in this document, the terms Service Provider and Service Implementer are used interchangeably.
  • Further exemplary embodiments are described in the following examples.
    • Example 1
  • A flow chart of an identification and verification system and method according to a first exemplary embodiment of the invention is depicted in FIG. 1. In this example, we have assumed that the call is initiated by the user on a mobile telephone. However, it is within the scope of the present invention for the user to initiate the call on any other data-enabled telephone, such a French Minitel.
  • Users who wish to get access to a service, such as to donate money to a charity or access their online mobile bank, will dial the appropriate service access number 100.
  • The service provider's telephone server receives the call request 300 and reads the associated data, or at least the necessary part of the data. Such data may include Caller ID (which may include the user's telephone number), The telephone server may or may not answer the telephone call request, as the associated data may be available without answering the call. The Service provider's telephone server checks to see if the user is registered for this service 310, for a bank application this normally includes checking that the Caller ID is associated with one or more bank account numbers. For a donation service, the Caller ID would normally be associated with a credit card number or other payment account number, possibly together with information required for charity tax deductions.
  • As will be readily apparent to those skilled in the art, if a user is already registered with his or her credit card number in connection with donations to one charity, the user may subsequently call another charity's access number connected to the same telephone server and donate money, without further registration, or even pay for purchases calling the appropriate service access number.
  • If the user's Caller ID is not registered for the service, the telephone server may send a message back to the user 320. In a typical embodiment, the server will then answer the call request and play a voice message back to the user informing that he or she must first register. The user may then be given the choice to receive an SMS WAP push message with a link to a web server in order to register, or, alternatively, to register at once through this telephone connection. If the user wishes to register over the phone, he or she is connected to the registration module. In a typical embodiment, the registration module will interact with the user with voice/DTMF, in which the user can type in the required registration information using the phone keyboard. The user may also be connected to a staffed service at this point.
  • If, on the other hand, the user is registered (or no registration is required), the telephone server will create a unique message including the logon key 330. In one embodiment, this is simply a hyperlink to a web site, i.e. a web address, for the service (the same for all users) with a unique system generated string as a parameter serving as the logon key (normally different for each user and each request). In this embodiment, the logon key is stored with a time stamp and the users associated data in the service providers system's memory. An exemplary method is to send the unique message as an SMS WAP push message to the user's cell phone.
  • The telephone server, in related embodiments, may also send different messages, and utilize different message formats, dependent on the capabilities of the user's telephone. The capabilities of the user's telephone can be made available as information stored in the system, in order that the message format can be adapted to known capabilities of the user's phone. The system may for example know the size of the telephone screen, such as the number of pixels or characters which can fit on one display page, and format the message accordingly. In exemplary embodiments, the telephone server will send WAP push messages, or MMS messages to phones that can handle these types of messages, and different kinds of messages to other phones.
  • The telephone server may utilize data as to the kind of phone the user has either because the user has given such data to the server, or because the telephone server may be able to determine the telephone type and model number from the information included in the user call request, and then look up the phone's capabilities.
  • When the user receives the SMS WAP push message 120 he may select the web link 130, and the user's phone or terminal will make a connection with the web site.
  • The web link is typically implemented as a logon key and may include a time stamp or similar, possibly encoded, which will make the server accept these unique data elements for logon for a limited time, to increase security. If so, the web server system will look at the logon key in the log-on request, and, if the time stamp is expired, access will not be allowed. However, if the connection attempt is made within the limit set by the time stamp, and all other parts of the log-on parameters are ok, the server system will allow access.
  • The logon key of the response message may also, or instead, include other features which limit multiple or indefinite accesses. In one embodiment, the server allows only one or a limited number of logons with any given logon key. Thus, in order to log on yet another time, the user may first have to obtain a new logon key. In one embodiment, the logon key may be used only for identification, i.e. to let the web server know which account the user wish to access.
  • The log on key for use by the user may also have a limited lifetime for limiting the time available for accomplishing a transaction. Such a lifetime can for example be less than 6 hours or even as low as 1 hour to limit the time such a transaction is accessible to the user, and for increasing security.
  • The server may then ask the user to provide verification, e.g. in the form of a PIN code, fingerprint or any other form of verification that the user is who he or she claims to be. Some servers may also have different levels of security, e.g. simple and less sensitive tasks accept the logon key as identification and verification, while if the user wants to perform more sensitive tasks system may ask the user to provide stronger verification, such as a PIN code, biometric verification such as voice identification or fingerprint, etc. One such application may be in banking where the bank server may accept the logon key as identification of the user and verification for simple tasks, such as seeing the bank balance or transferring funds between the user's own accounts, and require stronger verification, e.g. in the form of a PIN code, to transfer funds to 3rd parties.
  • Returning now to the figure, the web server receives the browse request with the logon key 400, e.g. in the parameter, and looks it up to compare with previously stored logon keys 410. If found, the web server checks that the time stamp is OK, i.e. that the user logon attempt is within the set time limit 410. If so, it allows access to the web site, and presents the first web page with the user already logged in 430. If the logon key is not found, or the logon attempt is after the time limit, another web page is presented to the user, informing him or her of the failure 420.
  • Once the users logged on to the web site, he or she may move around freely, as on any web site.
    • Example 2
  • A flow chart of an identification and verification system and method according to another exemplary embodiment of the invention is depicted in FIG. 2.
  • Once the telephony server receives the user ID 300, it checks to see if this user is registered by checking against a database 500 of registered users for this service 310. If the user is not registered for the service, the system performs the appropriate handling of this situation 320, for example, including telling the user that s/he needs to register for the service first.
  • If, on the other hand, the user is registered (or no registration is required), the telephone server will create a unique message including the logon key 330. In a typical embodiment, this is simply a web address for the service (the same for all users) with a unique system generated string as a parameter serving as the logon key for this particular user and log-on attempt. An exemplary method is to send the unique message as an SMS WAP push message to the user's cell phone. The system also informs the WAP or web server for the service that it can expect a logon with these parameters 335, and this is logged in a database 510. The log 510 may or may not be in the same database as the registration information 500 the system also sends the unique to the user.
  • The WAP server receives the message and the log-on string parameters from the telephone server 390, and stores these parameters, associated with the user in a database 520. The database may simply be a list stored in the computer's memory, a file, or a relational or any other database.
  • Once the user attempts the log-on using the unique log-on string received from the telephone server 400, the WAP server checks 410 with the database 520 to see if this is a correct log-on string.
  • If the log-on string is not correct, the system does not allow the log-on and presents a message to the user 420. If, on the other hand, the log-on parameters are correct, the system proceeds to step 430 and allows the log-on, presenting to the user the appropriate web/WAP page.
  • The user may now interact with the web/WAP site normally 450.
    • Example 3
  • A flow chart of another exemplary embodiment of the invention is depicted in FIG. 3. This exemplary embodiment is similar to that of Example 2 above, with some differences, as described here. In Step 330, the unique logon message is created using information previously stored in a database, for example, during registration. Steps 335, 390 and 395 are optional, as for some embodiments these steps may not be needed, if the unique log-on string can be interpreted correctly by the WAP server without the WAP server's getting the specific log-on string, or part of it, from the telephone server. An example of a situation when these steps are needed is in the case that the unique log-on string is generated randomly, or if it for some other reason it is not possible to identify the user from the log-on string. If, however, it is possible to find the WAP server user ID associated with the user fro the log-on string, these steps are not needed.
    • Example 4
  • A flow chart of another exemplary embodiment of the invention is depicted in FIG. 4. In this example the registration process may be handled entirely by the telephone server. In step 200, the registration server, which may or may not be the same as the telephone server, receives the registration request from the user. In a typical implementation of this embodiment, the user will call up the standard service number, and, if he is not registered, he will be transferred to this registration process. However, the registration process may also be achieved over the Internet, using DTMF over a phone line, WAP, or even with an operator-assisted service, or through any other suitable method.
  • The system will check if the user is already in the database of registered users for this service 510. If the user is already registered 210, the user is given a message to this effect 220. If not, the system proceeds to step 230. Here, the system will prompt the user for the necessary information, such as the user ID for the service (e.g. account number), possibly a social security number or similar, if needed, etc.
  • If the registration process occurs through some other means than through the telephone line, the user must also specify his telephone caller ID (telephone number), and there may be a need to verify that the user has given the correct telephone number. This may be achieved by sending a message to the telephone number given by the user, and have the user respond to this message, or supply a code including a log-on key transferred as part of a message in the registration process, thus proving that the user is in possession of the phone with this ID.
  • Once a certain piece of information is supplied by the user in step 230, the system may need to check that the information is correct, or has the correct format, e.g., the correct number of digits, etc. in step 240. If one piece of information was incorrect, the user is given a message about the problem and asked to submit the information again 250. If the information given is correct, the system may prompt for more information 260 until all is given.
  • Once all the information is received, the necessary information is saved 295 in a database 510, and the user is informed that the process is complete 299.
    • Example 5
  • A flow chart of another exemplary embodiment of the invention is depicted in FIG. 5. In this exemplary embodiment the registration system must communicate with the actual service provider system. Steps 200 to 260 are the same as in the previous example, but in step 270, the registration system will send a confirmation request to the WAP server or the service provider system.
  • This request may contain the user ID in the service provider system as given by the user in the previous set 230, or it may be a request to receive this user ID, or an alias for the user ID based on information provided by the user or the system. The registration data are received 600 on the WAP Server side. The alias may be established expressly for the purpose of communication between the registration server and the service provider system, thus increasing security.
  • In step 610 the system checks that all is OK, and if not, in step 640, notifies the registration server (telephony server) that it was not. Alternatively, if the information is OK, the system may need to save some information for later use 630 in a database 520, and returns an OK, possibly with more information as required, to the registration server in step 640. In step 280 the registration server received this notification, i.e. the status from the WAP Server, and the system completes according the response in a similar way as in example 4 above.
  • In an exemplary embodiment of the invention, a registration may be to a specific service with a specific service provider and be valid for one service number only, such as a donation to a specific charity only. In other embodiments, the registration may be more general, so that e.g. a registration to a donation service for a specific charity with donations paid via a credit card, may automatically, or semi-automatically, register the user for other payment services or for donations to other charities. In this way, a cumbersome registration process may be simplified or entirely eliminated.
  • Various exemplary screen shots which are generated during execution of the program, according to the present invention, will now be described with reference to FIGS. 6, which refer to an exemplary embodiment of a donation system according to the invention. FIG. 6 a depicts exemplary screen of a message to the user confirming successful registration.
  • FIG. 6 b depicts an exemplary screen of a WAP link message transmitted to and presented to the user on the display of the mobile phone, the WAP link message containing the login key. As an example, the message can be:
  •
    {quickCollect,
    regards mobileAxept
    <http://194.24.252.72;8080/sms/mobile/regstep2.jsp?
    accessNumber=004700030043&
    mobileNumber=0047637576240&
    accessCode=7293>
    }
  • In this example a heading provides a user of a mobile phone with information about the service sending the message, while the remaining characters constitute a WAP-link which the user may click on, in order to activate a service, in this case a donation to a charity of some form having a receiving account linked to a telephone donation number. As can be seen, the log-on key in this case includes an access code.
  • In some implementations, or on some cell phones or terminals, the link would not be explicitly visible to a user, but a clickable link could be indicated on the display. FIG. 6 c depicts an exemplary screen of a message to the user confirming successful donation, including confirmation of the amount donated.
  • FIG. 7 illustrates a typical mobile telephone to which embodiments of the present invention are applicable. FIG. 7 a shows a typical mobile telephone unit, including display and keyboard; and FIG. 7 b illustrates a typical numeric keyboard of such a unit. Alphabetic characters are accessed through multiple clicks on a numeric key. E.g. To type a “c”, the user must first put the phone in “alpha mode” and then click three times on the key of the number “2”.
  • FIG. 8 is a schematic illustration of a computer system for implementing the present invention. A computer 800, for example in the form of a portable or handheld type of personal computer (PC) can be used to implement the method according to the present invention, wherein the computer includes, for example, a display device 802, such as a conventional display device or a touch screen monitor with a touch-screen interface, etc., a keyboard 804, a pointing device 806, a mouse pad or digitizing pad 808, a hard disk 810, or other fixed, high density media drives, connected using an appropriate device bus (e.g., a SCSI bus, an Enhanced IDE bus, an Ultra DMA bus, a PCI bus, etc.), a floppy drive 812, a tape or CD ROM drive 814 with tape or CD media 816, or other removable media devices, such as magneto-optical media, etc., and a mother board 818. The mother board 818 includes, for example, a processor 820, a RAM 822, and a ROM 824 (e.g., DRAM, ROM, EPROM, EEPROM, SRAM, SDRAM, and Flash RAM, etc.), I/O ports 826 which may be used to couple to external devices, networks, etc., (not shown), and optional special purpose logic devices (e.g., ASICs) or configurable logic devices (e.g., GAL and re-programmable FPGA) 828 for performing specialized hardware/software functions, such as sound processing, image processing, signal processing, neural network processing, object character recognition (OCR) processing, etc., a microphone 830, and a speaker or speakers 832.
  • Using the standard technology mentioned above a computer program can be incorporated into the computer for realizing a telephone function. In the case of a portable laptop or handheld computer having a wireless connection, for example using a WLAN (Wide-Area Local Area Netwok), such a telephone function would include a user interface, in this case denoted PB on FIG. 8, presented on the display device for achieving telephone functionality. In an alternative, an external telephone device, denoted PA on FIG. 8, could be connected to the computer for achieving telephone function more similar to a traditional telephone. Such an external telephone device could for example be connected to a portable computer via a standard USB-interface in the computer.
  • As stated above, the system includes at least one computer readable medium, or alternatively, the computer readable medium may be accessed through various paths, such as networks, internet, drives, etc. Examples of computer readable media are compact discs, hard disks, floppy disks, tape, magneto-optical disks, PROMs (EPROM, EEPROM, Flash EPROM), DRAM, SRAM, SDRAM, etc. Stored on any one or on a combination of computer readable media, the present invention includes software for controlling both the hardware of the computer 800 and for enabling the computer 800 to interact with a human user via one of the said telephone devices PA, PB. Such software may include, but is not limited to, device drivers, operating systems and user applications, such as development tools. Such computer readable media further includes the computer program product of the present invention for performing any of the processes according to the present invention, described above (see, e.g., FIGS. 1-8). The computer code devices of the present invention can be any interpreted or executable code mechanism, including but not limited to scripts, interpreters, dynamic link libraries, Java classes, and complete executable programs, etc.
  • The invention may also be implemented by the preparation of application specific integrated circuits or by interconnecting an appropriate network of conventional component circuits, as will be readily apparent to those skilled in the art.
  • User identification and/or verification, according to embodiments of this invention, is a significant simplification relative to existing methods, and requires little or no training on the part of a user. In addition, a system according to embodiments of the present invention, can be created and created in most existing programming languages and be connected to most modern data enabled telephones. Therefore, according to embodiments of the present invention, the process of login on to a secure web site is significantly simplified, since this may now be performed using the simplified log-on process and a reduced number of keystrokes.
  • Although embodiments of the present invention is defined in terms of the user typing using the terminal or phone keyboard, the invention may also be implemented using voice identification or other substitutes for keyboard interaction, thus eliminating entirely or partly the need to use the terminal keyboard, as will be readily apparent to those skilled in the art.
  • Although embodiments of the present invention have been described in terms of the user's being able to activate a link to access a secure web site, the invention may also be implemented or used in a manner such that the user must type in the link and/or the logon key in order to access the web site.
  • Although embodiments of the present invention have been described in terms the caller identification information being the caller ID or telephone number, the system may also be implemented using other unique information associated with the call request.
  • Although embodiments of the present invention have been described in terms of sending the logon message to the user using the Caller ID as the address, the system may also use other means for identifying the user, and look up the correct address for the logon message based on such other identification.
  • Although the exemplary embodiments described in this text and figures imply a specific order of events, several of the events and processes may happen in a different order.
  • Although the present invention is described in terms of telephone servers, WAP servers, registration servers and/or service provider servers, these systems may in fact be combined in many different ways, e.g. into fewer systems and servers, or, on the contrary, be further divided into more servers performing only parts of the functionality described for each server in the embodiments described herein.
  • Obviously, numerous modifications and variations of embodiments of the present invention are possible in light of the above teachings. It is therefore to be understood that within the scope of the appended claims, the invention may be practiced otherwise than as specifically described herein.

Claims (7)

1-17. (canceled)
18. A method of registering a user for a transaction initiated by the user via a data-enabled telephone, the method comprising:
receiving a request from the data-enabled telephone to initiate the transaction, wherein the request is sent to a service number;
identifying caller identification information associated with the request;
checking the caller identification information against a user registration database;
determining that the user is not registered;
sending the user a message to register; and
receiving user registration information from the user.
19. The method of claim 18, wherein the method involves the use of a text message.
20. The method of claim 19, wherein the text message is a short message service (SMS) message.
21. The method of claim 18, wherein the user registration information is associated with a credit card number or payment account number.
22. The method of claim 18, wherein the user registration information is associated with the caller identification information
23. The method of claim 18, wherein the message contains a key.
US14/171,440 2006-12-22 2014-02-03 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone Abandoned US20150039508A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US14/171,440 US20150039508A1 (en) 2006-12-22 2014-02-03 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US15/058,980 US20170024741A1 (en) 2006-12-22 2016-03-02 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US16/504,471 US20200034843A1 (en) 2006-12-22 2019-07-08 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US17/559,605 US20220129898A1 (en) 2006-12-22 2021-12-22 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US11/615,211 US8325889B2 (en) 2006-12-22 2006-12-22 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US13/661,846 US20130080332A1 (en) 2006-12-22 2012-10-26 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US14/171,440 US20150039508A1 (en) 2006-12-22 2014-02-03 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/661,846 Continuation US20130080332A1 (en) 2006-12-22 2012-10-26 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/058,980 Continuation US20170024741A1 (en) 2006-12-22 2016-03-02 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone

Publications (1)

Publication Number Publication Date
US20150039508A1 true US20150039508A1 (en) 2015-02-05

Family

ID=39542820

Family Applications (7)

Application Number Title Priority Date Filing Date
US11/615,211 Active 2031-04-21 US8325889B2 (en) 2006-12-22 2006-12-22 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US12/520,270 Abandoned US20100029249A1 (en) 2006-12-22 2007-12-20 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US13/661,846 Abandoned US20130080332A1 (en) 2006-12-22 2012-10-26 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US14/171,440 Abandoned US20150039508A1 (en) 2006-12-22 2014-02-03 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US15/058,980 Abandoned US20170024741A1 (en) 2006-12-22 2016-03-02 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US16/504,471 Abandoned US20200034843A1 (en) 2006-12-22 2019-07-08 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US17/559,605 Abandoned US20220129898A1 (en) 2006-12-22 2021-12-22 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone

Family Applications Before (3)

Application Number Title Priority Date Filing Date
US11/615,211 Active 2031-04-21 US8325889B2 (en) 2006-12-22 2006-12-22 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US12/520,270 Abandoned US20100029249A1 (en) 2006-12-22 2007-12-20 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US13/661,846 Abandoned US20130080332A1 (en) 2006-12-22 2012-10-26 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone

Family Applications After (3)

Application Number Title Priority Date Filing Date
US15/058,980 Abandoned US20170024741A1 (en) 2006-12-22 2016-03-02 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US16/504,471 Abandoned US20200034843A1 (en) 2006-12-22 2019-07-08 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US17/559,605 Abandoned US20220129898A1 (en) 2006-12-22 2021-12-22 Efficient authentication of a user for conduct of a transaction initiated via mobile telephone

Country Status (4)

Country Link
US (7) US8325889B2 (en)
EP (1) EP2116010A2 (en)
CA (1) CA2673512A1 (en)
WO (1) WO2008079018A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107093072A (en) * 2016-12-20 2017-08-25 招商银行股份有限公司 Card Activiation method and device

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080216153A1 (en) * 2007-03-02 2008-09-04 Aaltonen Janne L Systems and methods for facilitating authentication of network devices
US20140355592A1 (en) 2012-11-01 2014-12-04 Datavalet Technologies System and method for wireless device detection, recognition and visit profiling
US9003488B2 (en) * 2007-06-06 2015-04-07 Datavalet Technologies System and method for remote device recognition at public hotspots
US8769652B2 (en) * 2008-04-23 2014-07-01 Clear Channel Management Services, Inc. Computer based method and system for registering a user at a server computer system
US8185443B2 (en) * 2008-10-27 2012-05-22 Ebay, Inc. Method and apparatus for authorizing a payment via a remote device
US20130246296A1 (en) * 2012-03-19 2013-09-19 @Pay LLC Method for processing multimodal mobile donations via text message and email communication
US9325845B2 (en) * 2012-06-21 2016-04-26 24/7 Customer, Inc. Method and apparatus for diverting callers to Web sessions
EP3008935B1 (en) * 2013-06-12 2022-04-20 Telecom Italia S.p.A. Mobile device authentication in heterogeneous communication networks scenario
US9521141B2 (en) 2014-02-12 2016-12-13 Bank Of America Corporation Caller validation
US11068923B2 (en) * 2014-09-18 2021-07-20 Edatanetworks Inc. System for loyalty program
US9646307B2 (en) 2014-09-23 2017-05-09 Sony Corporation Receiving fingerprints through touch screen of CE device
US9355424B2 (en) 2014-09-23 2016-05-31 Sony Corporation Analyzing hack attempts of E-cards
US9202212B1 (en) 2014-09-23 2015-12-01 Sony Corporation Using mobile device to monitor for electronic bank card communication
US10262316B2 (en) 2014-09-23 2019-04-16 Sony Corporation Automatic notification of transaction by bank card to customer device
US9367845B2 (en) 2014-09-23 2016-06-14 Sony Corporation Messaging customer mobile device when electronic bank card used
US9317847B2 (en) 2014-09-23 2016-04-19 Sony Corporation E-card transaction authorization based on geographic location
US9953323B2 (en) 2014-09-23 2018-04-24 Sony Corporation Limiting e-card transactions based on lack of proximity to associated CE device
US9292875B1 (en) 2014-09-23 2016-03-22 Sony Corporation Using CE device record of E-card transactions to reconcile bank record
US9558488B2 (en) 2014-09-23 2017-01-31 Sony Corporation Customer's CE device interrogating customer's e-card for transaction information
US9378502B2 (en) 2014-09-23 2016-06-28 Sony Corporation Using biometrics to recover password in customer mobile device
US9781089B2 (en) * 2015-01-28 2017-10-03 Dropbox, Inc. Authenticating a user account with a content management system
GB2539899A (en) * 2015-06-29 2017-01-04 Aeriandi Ltd Secure payment method and system for a voice telephony based payment system implemented over a telecommunications network
CN111048083A (en) * 2019-12-12 2020-04-21 深圳康佳电子科技有限公司 Voice control method, device and storage medium
US20220321403A1 (en) * 2021-04-02 2022-10-06 Nokia Solutions And Networks Oy Programmable network segmentation for multi-tenant fpgas in cloud infrastructures

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004043047A2 (en) * 2002-11-03 2004-05-21 Hellotech Technologies Ltd. Improved mobile payment system
US20050222913A1 (en) * 2004-04-01 2005-10-06 Ian Eisenberg PR/SMS business method, system and method of conducting business
US20080046988A1 (en) * 2004-10-20 2008-02-21 Salt Group Pty Ltd Authentication Method

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW249877B (en) * 1993-11-23 1995-06-21 Bellsouth Int Inc
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US6493430B2 (en) 1996-12-24 2002-12-10 At&T Wireless Services, Inc. Method of wireless retrieval of information
US6208853B1 (en) * 1998-02-24 2001-03-27 Lucent Technologies Inc. Methods for registering a warranty for a wireless device
US6799155B1 (en) * 1998-12-11 2004-09-28 Allied Signal Inc. Replacement of externally mounted user interface modules with software emulation of user interface module functions in embedded processor applications
US20010045451A1 (en) 2000-02-28 2001-11-29 Tan Warren Yung-Hang Method and system for token-based authentication
US6977917B2 (en) 2000-03-10 2005-12-20 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for mapping an IP address to an MSISDN number within a service network
JP2001344537A (en) 2000-05-31 2001-12-14 Ntt Docomo Inc Electronic value system, communication terminal and server
US6985587B2 (en) * 2000-12-22 2006-01-10 Sbc Technology Resources, Inc. Method and system for calling line authenticated key distribution
AU2002351034A1 (en) 2001-11-29 2003-06-10 Niel Eben Viljoen Method and system for operating a banking service
US20030157925A1 (en) 2002-02-21 2003-08-21 Sorber Russell E. Communication unit and method for facilitating prepaid communication services
US6934535B2 (en) 2002-12-02 2005-08-23 Nokia Corporation Privacy protection in a server
JP4744106B2 (en) * 2003-08-06 2011-08-10 パナソニック株式会社 Secure device, information processing terminal, communication system, and communication method
NO324253B1 (en) 2003-11-03 2007-09-17 Mobileaxept As Procedure and system for providing access to bank account information, from mobile phone
US20050125315A1 (en) 2003-12-08 2005-06-09 Munoz Jaime M.N. System for account management and method therefor
US7309699B2 (en) * 2003-12-22 2007-12-18 Abbott Laboratories 3-Quinuclidinyl amino-substituted biaryl derivatives
WO2005109938A1 (en) 2004-05-12 2005-11-17 Telefonaktiebolaget L M Ericsson (Publ) Authentication system
US7609686B1 (en) * 2004-11-01 2009-10-27 At&T Mobility Ii Llc Mass multimedia messaging
EP1828968A1 (en) 2004-11-03 2007-09-05 Mobileaxept AS A method and a system for providing information from a customer"s bank account to his mobile phone
WO2008004241A2 (en) * 2006-07-07 2008-01-10 Alon Schwarz A method and system for ordering and supplying goods and services via a cellular phone

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004043047A2 (en) * 2002-11-03 2004-05-21 Hellotech Technologies Ltd. Improved mobile payment system
US20050222913A1 (en) * 2004-04-01 2005-10-06 Ian Eisenberg PR/SMS business method, system and method of conducting business
US20080046988A1 (en) * 2004-10-20 2008-02-21 Salt Group Pty Ltd Authentication Method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107093072A (en) * 2016-12-20 2017-08-25 招商银行股份有限公司 Card Activiation method and device

Also Published As

Publication number Publication date
US20100029249A1 (en) 2010-02-04
US20220129898A1 (en) 2022-04-28
EP2116010A2 (en) 2009-11-11
US8325889B2 (en) 2012-12-04
US20130080332A1 (en) 2013-03-28
US20200034843A1 (en) 2020-01-30
CA2673512A1 (en) 2008-07-03
WO2008079018A2 (en) 2008-07-03
WO2008079018A3 (en) 2008-09-12
US20080152099A1 (en) 2008-06-26
US20170024741A1 (en) 2017-01-26

Similar Documents

Publication Publication Date Title
US20220129898A1 (en) Efficient authentication of a user for conduct of a transaction initiated via mobile telephone
US11461760B2 (en) Authentication using application authentication element
US8887232B2 (en) Central biometric verification service
US8555355B2 (en) Mobile pin pad
US8103246B2 (en) Systems and methods for remote user authentication
US6973575B2 (en) System and method for voice recognition password reset
US9578022B2 (en) Multi-factor authentication techniques
KR20060047252A (en) Account creation via a mobile device
JP2007328381A (en) Authentication system and method in internet banking
CN106875177A (en) Order processing method, device and paying server
US11900453B2 (en) Digital identity sign-in
JP4746643B2 (en) Identity verification system and method
US20070250450A1 (en) System and method for conducting mobile transactions
US20190253499A1 (en) System, method, and computer-readable storage medium that establish a communication path between a mobile device and a non-mobile device
WO2010050406A1 (en) Service providing system
JP2017058731A (en) Method and system for preventing unauthorized transaction
US20080162158A1 (en) Authentication Services Compensation System
TWI745804B (en) Method for accessing financial service via interactive message and system thereof
AU2016277629A1 (en) Authentication using application authentication element
RU2706172C1 (en) Terminal-server complex for data verification in connection with provision of bank financial product
JP5495333B2 (en) Authentication device, authentication system, authentication method, and program
US20230125547A1 (en) Authorization code for access
TWM627363U (en) System for performing cross-platform identity verification
KR20220045444A (en) Server and method for providing payment service for unregistered card
TWM575156U (en) Video verification providing system

Legal Events

Date Code Title Description
AS Assignment

Owner name: MOBILEAXEPT AS, NORWAY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BILSTAD, LARS SIGVE;HESTAS, OLE VIDAR;HEDLOEY, ATLE;REEL/FRAME:033815/0477

Effective date: 20130115

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION