WO2002091144A1 - Method of secure transactions by means of two public networks - Google Patents

Info

Publication number
WO2002091144A1
Authority
WO
WIPO (PCT)
Prior art keywords
authorisation
transaction
user
headquarters
code
Application number
PCT/SK2002/000005
Other languages
French (fr)
Inventor
Roman Dzamko
Marek Vaclavik
Original Assignee
Roman Dzamko
Marek Vaclavik
Application filed by Roman Dzamko, Marek Vaclavik

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Definitions

  • the invention concerns the method of the securing and transfer of information necessary for authentication of the person who is a holder of certain access rights to a secure system or for performance of a transaction requiring increased security and that is realised by means of public data networks, this primarily meaning bank transactions performed with the help of payment cards.
  • Security of a system ensuring the transfer of the data is given by the security of the software application used and the physical security of the hardware system, where the securing of the application comprises the performance of the authentication of a client, certification and verification of the data transferred.
  • Authentication comprises verifying of the identity of the counter party.
  • the counter party inputs a code, which unequivocally verifies his identity.
  • the code may be one, uniquely given, assigned to the identity (the most common example is the PIN in the case of a credit card), or generated by various code generators.
  • a disadvantage of the one unequivocally given code is its easy abuse. Such codes cannot be used in the area of the Internet for the needs of secure authentications. In the case of such a code being captured, the code may be abused without the direct knowledge of its owner, who learns of the abuse only from secondary sources.
  • a typical example is again bank transactions, which may not be executed by means of one uniquely given code (PIN code).
  • the owner of the access rights realised by means of the PIN code learns of the realised transactions usually only from his account statements.
  • the other way of authentication is mainly used by banks for securing bank transactions realised by means of the Internet. This method is usually denoted as an Internet banking service.
  • the code generated by the code generators is forwarded to the bank, which by means of it verifies the client's identity. In the case that the client is interested, he may also verify the identity of the counter party, i.e. to reassure himself that he really is communicating with his bank.
  • the generated codes on the one hand bring the increased security, but on the other also increased costs connected with the production of the code generator. This usually concerns dedicated hardware devices and the costs for their acquisition must be met by one of the communicating parties.
  • Authorisation means the confirmation of the validity of distributed data.
  • Through the code generator, which uses access data for generating the codes, which are directly tied to the subject of the authorisation, it is possible to make sure that the data distributed will not be altered by anyone during their transfer.
  • An example is a bank operation where it is possible for generating the certification code to use the following data - number of client's account, number of the counter account, amount, etc.
  • the code generator generates the authorisation code (this is a number deformed by means of an encryption algorithm of the code).
  • the client of the bank, the initiator of the transfer, will send it off to the bank, which with its help will be able to verify the integrity of the transferred data.
  • the disadvantages of authorisation performed in the stated manner are analogous to those stated in the part regarding the authentication.
  • Encryption is the conversion of perceivable and comprehensible data into an encrypted form that is apparently meaningless.
  • At present in each new dialling connection through the Internet there usually occurs the generation and exchange of a random key between the communicating participants, subsequently used for coding the communication occurring, where the number of potential keys is dependent from the power of encryption, i.e. the length of the encryption key.
  • the currently most widely used standard (except in the USA) is 40-bit encryption, meaning there exist $2^{40}$ possible keys.
  • the length of a 40-bit key is insufficient and therefore 128-bit encryption is used, i.e. there exist $2^{128}$ possible keys and such encryption is, despite the development of the computer technologies and the growth of the computing power, already technologically indecipherable.
  • the form of the exchange of the encrypted key is various. In order that the systems may mutually communicate, it is necessary that they mutually know the key to the encrypted data. As a rule, there exist three basic possibilities of using the encryption key irrespective of for how long the encryption key is used.
  • Synchronous encryption represents the simplest form of using encryption keys. Both communicating parties mutually agree on the encryption key to be used. A public key, gained from a publicly accessible source may be used as an encryption key. A common way of gaining such an encryption key is a random source of data, signals, or other parameters, to which both communicating parties have access. The source of data acquired in this way is used as the key for encrypting and decrypting of the transmission. A common method is also the generating of the encryption key by one of the parties participating in the transmission and then subsequently sending it to the counter party.
  • Asynchronous encryption is based on the existence of two mutually different encryption keys.
  • the keys are marked as a public key and a private key.
  • the data are encrypted by the respective key and decrypted by the other.
  • the keys are different from one another to such an extent that it is not possible when knowing one of the keys to acquire the other key.
  • the asynchronous method of encryption is used in electronic signatures of documents or electronic mail.
  • the asynchronous-synchronous method of encryption uses a combination of the previous methods.
  • a synchronous key is encrypted by the asynchronous encryption and following the transfer of the encryption to the counter party the asynchronous encryption is removed and for further communication encryption by synchronous encryption is used.
  • the risk of there occurring the capture of the main encryption key, by which the main data transmission is to be encrypted, is thus reduced.
  • the existing payments system is currently used for the system of direct debit payments by credit cards.
  • the client inputs in the payment form his name and surname, the number of his credit card and data on the expiry of the credit card.
  • the physical contact of the trader and the credit card of the customer is not necessary.
  • These data are usually sent in encrypted form to the system of an Internet shopping store.
  • the securing or encrypting of the data sent is realised by the Internet shopping store party, which creates payment forms usually communicating through an https protocol (usually the SSL method with 40-bit length of the encryption key).
  • There are also available other types of the securing such as for example the use of Java applets and so on.
  • the payment terminal is the most widespread form of electronic direct debit payment contact.
  • a necessary condition of the functionality of the terminal is the creation of a communication channel between the terminal and the bank authorisation centre, or the bank itself.
  • the communication channel may be used only for the transfer of the authorisation of the data and neither of its parts for security reasons may be a component of another communication channel.
  • In a transaction realised with the help of EFT/POS there is required from the cardholder a PIN or sample signature. Transactions in which a PIN is required from the holder of a payment card are considered in banking practice as more secure.
  • the verifying of transactions by means of EFT/POS in the Internet environment is not possible for reason of the need of confirmation of the transaction by a sample signature or PIN code.
  • the sample signature is excluded by the electronic essence of the sale itself and the inputting of the PIN code to the Internet is not admissible for security reasons stated by the companies issuing the payment cards.
  • the payments system makes it possible to pay for only a selected quantity of services or goods that are defined in advance by the GSM operator.
  • the client confirms realisation of the payment through the sending of an SMS message, the content of which is the authorisation RPIN.
  • the main shortcoming of the payments system of the prepaid reload is the small quantity of the offered goods and services.
  • the goods and services are tied to the prepaid services in the case of GSM operators, for expanding the range of services offered it would be necessary to introduce a complex encryption system for the offered goods and services.
  • the service is realised in the area of public data networks, authentication and authorisation of the transactions performed is confirmed through a code.
  • the codes may be generated by electronic code generators, but there is also used a solution by means of grid card, on which codes are pre-generated.
  • the problem of this form of banking are the expenses connected with the code generators and low flexibility of the system in the case of a change of requirements for the code generators.
  • This method while solving the problem of reducing expenses for creating the communication channel, since it uses the already existing mobile telephone network, does have the shortcoming that it uses a unique predefined code (the PIN), which has a very negative effect on the security of the transaction executed.
  • the solution as per WO 9745814 (B. Vazvan) is aimed at increasing the security of transactions executed via the public network. Its essence lies in the fact that the request for the transaction may be input by the user through any communication channel, but subsequently requires the authorisation of the transaction by the inputting of a defined P-PIN, which must however be sent via an appropriate wireless/cellular terminal, e.g. mobile telephone.
  • the benefit is the option of the use of one transmission channel for assigning the request for the transaction and the other transmission channel for authorisation of the transaction.
  • a shortcoming of the solution is the fact that the security of the whole transaction is determined by the security of the network to which the stated wireless/cellular terminal is connected and for authorisation is used a predefined code, which is not unique for the given transaction.
  • the present invention which provides the method of a secure transaction which might for example be the direct debit transfer of funds or the logging-in to a secured network, via public networks uses a centralised method of authorisation and comprises the steps of logging-in the user to the authorisation headquarters and inputting the request for a transaction, verifying the identity of the user by the authorisation headquarters and assessing the legitimacy of the request for the transaction, requiring from the party of the authorisation headquarters confirmation of the transaction from the user and finally execution of the transaction, wherein the essence of the solution lies in the fact that:
  • a) the logging-in of the user to the authorisation headquarters is performed via a first public network (e.g. by means of the Internet network),
  • the authorisation headquarters will generate by a preset procedure the authorisation code, where the authorisation headquarters is the only place where the authorisation code is generated and where all the access data and data on the method of generating the code are gathered, and the authorisation headquarters will send it to the user through a second public network (e.g. by means of the mobile phone or paging or RDS - Radio Data System network),
  • the user will receive the authorisation code through the second public network and will confirm the transaction requested by sending it back to the authorisation headquarters by means of the first public network, and
  • the authorisation headquarters compares the sent and received authorisation code and in the case of their matching, issues the instruction for execution of the transaction.
  • the authorisation headquarters in generating the code supplements the stated request for the transaction with at least one variable piece of data, where most advantageous is unique data (e.g. data on time of registering the request) or a value of another appropriate time-dependent variable (e.g. the generator's output of random numbers).
  • the user specifies his unique identifier, the type of transaction and content of the transaction, where the data on the type and content of the transaction are preferably contained also in the authorisation code generated by the authorisation headquarters, whereby protection of the user, e.g. the purchaser, is achieved against the unauthorised intervention by the verifying party, e.g. the trader, in the information sent.
  • a further substantial increase in the security of the transaction will be achieved by the fact that the user returns the authorisation code to the authorisation headquarters within a set time limit, the length of which is chosen so as to enable, with a certain reserve, the comfortable execution of the operation, including the authorisation code, but at the same time prevents or at least hinders possible manipulation of the authorisation code.
  • the submitted solution has compared to the current state of the technology a set of advantages in terms of the security aspect, as well from the aspect of the financial costs necessary for realisation of subject transaction method in question. Among the most important are:
  • the generated authorisation code contains in itself signs unique to the specific transaction being executed, which will prevent the change of the content of the transaction in the course of its execution,
  • authorisation of the transaction is performed within a set time limit, through which the time space for any possible manipulation with the authorisation code is minimised.
  • a typical example of the application of the submitted solution is a user's purchase in an Internet shopping store, where the whole transaction consists of the following steps:
  • the AHQB searches according to the user's number of the payment card in the database. In the case that the number of the payment card of the user is not in the database, the AHQB sends back information on the error of the input number of the payment card and step no. 1 is repeated. If the number of the payment card is in the database of users of the AHQB, the communication progresses to step no. 3.
  • the AHQB generates an authorisation code, where the data necessary for generating the code authorisation are the following: card number of the user, account no. of the Internet shopping store and the requested amount of the payment.
  • the generated authorisation code is sent by means of an SMS message to the mobile phone of the user, the number of which was reported by the user upon concluding the contract on SP.
  • the SMS message contains besides the authorisation code also an information block consisting of data on the amount of the sum paid and address of the Internet store.
  • the user following receipt of the SMS message decides whether the data in the information block are true and in the case of his consent the user inputs the stated authorisation code into the electronic form on the page of Internet shopping store and sends it off by means of the Internet to the AHQB.
  • the AHQB compares the received authorisation code with the code sent to the user in the form of an SMS message and in the case of a discrepancy between the codes it sends information on an error of the authorisation code to the user and to the Internet shopping store. In the case of a match of the codes step no. 7 follows.
  • the AHQB verifies the possibility of the execution of the payment of the stated amount and the account and in the case of a positive result, it executes the requested payment. In the case of a negative result the payment is not executed.
  • the AHQB sends by means of the Internet a message on the result of the execution of the payment to the user and the Internet shopping store and terminates the transaction.
  • Another example of the embodiment of the invention is in essence identical to a user's purchase in an internet shopping store, settled by a payment card according to Example 1, but differs in the following steps:
  • the AHQB generates an authorisation code, where as the access data there is used the value of the system time, the card number of the user, the account number of the Internet shopping store and the requested amount of the payment.
  • the generated authorisation code is sent by means of a public paging network to the user's pager, the number of which was given by the user upon concluding the contract on SP.
  • the paging message contains besides the authorisation code also an information block comprising data on amount of the sum paid and the address of the Internet shopping store.
  • the user following receipt of the paging message verifies the truth of the data in the information block, inputs the stated authorisation code and within 2 minutes of receipt of the authorisation code sends the electronic form by means of the Internet to the AHQB.
  • the AHQB compares the received code with the code sent to the user in the form of a paging message and assesses whether the authorisation code has been returned from the user within the set time limit of 5 minutes. In case of a discrepancy between the codes or the time limit being exceeded, it sends information on the error of the transaction to the user and to the Internet shopping store. In case of the conditions being fulfilled step no. 7 follows.
  • Example 3
  • Another example of the application of the method according to the invention is practically identical with the method of Example 2, but differs in the fact that the authorisation code is sent by means of an RDS network and the user receives it by means of an RDS receiver.
  • the user contacts the internet banking service (hereinafter simply IBS) through the internet network, he inputs in the electronic form his ID number assigned by the bank for access to the secured IBS network, defines the type and content of the requested transaction and following encryption sends the filled in form through the Internet to the AHQB.
  • the AHQB searches according to the user's ID number in the database. In the case that the ID number is not in the database, the AHQB sends back information on an error in the input ID and step no. 1 is repeated. If the ID number is in the AHQB's database of users, the transaction proceeds with step no. 3.
  • the AHQB generates the authorisation code, where the access data are the ID number of the user, the type of the requested transaction and the value of the system time at the receipt of the request for generation.
  • the generated authorisation code is sent by means of an SMS message to the mobile phone of the user, the number of which was given by the user upon concluding of the contract on IBS.
  • the user following receipt of the SMS message inputs the received authorisation code to the electronic access form and sends it off through the Internet to the AHQB.
  • the AHQB compares the received code with the code sent to the user in the form of an SMS message and in the case of a discrepancy between the codes it sends information on an error in the authorisation code to the user. In the case of match of the codes sent, the AHQB allows the user access to the secured IBS network.
  • the user fills in the direct debit payment instruction form, whereby he defines the content of the transaction and following encryption he sends it off to the AHQB of the IBS provider.
  • the AHQB generates an authorisation code, where the data used for generating the authorisation code are the content of the transaction and data on the time of receipt of the payment instruction.
  • the generated authorisation code is sent by means of a paging network to the user's pager, the number of which was given by the user upon concluding the IBS contract.
  • the user following receipt of the paging message inputs the received authorisation code to the field for the authorisation code in the electronic form and sends it off by means of the Internet to the AHQB.
  • the AHQB compares the received code with the code sent to the user by means of the paging network and in the case of a discrepancy it sends information on an error in the authorisation code to the user. In the case of the codes matching, there proceeds the realisation itself of the transfer of the funds.
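
The flow set out in the method steps and in Example 2 above, as an added Python sketch that is not part of the patent text: the authorisation headquarters derives a code from the transaction content plus variable data, sends it over a simulated second network, and accepts it back once, within the time limit. HMAC-SHA256 stands in for the patent's unspecified "preset procedure"; the class and function names and the card, pager and account values are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

TIME_LIMIT_S = 300  # Example 2 on this page checks a 5-minute limit at the AHQB


def derive_code(key, fields):
    """Map transaction fields plus variable data to an 8-digit code.

    HMAC-SHA256 is this example's stand-in for the patent's unspecified
    "preset procedure"; the key never leaves the headquarters.
    """
    msg = "\x1f".join(fields).encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


class AuthorisationHQ:
    """Toy authorisation headquarters (AHQB); all names here are hypothetical."""

    def __init__(self, users, clock=time.time, time_limit_s=TIME_LIMIT_S):
        self.users = users              # card number -> second-network address
        self.clock = clock
        self.time_limit_s = time_limit_s
        self.key = secrets.token_bytes(32)
        self.pending = {}               # tx_id -> (code, issued_at, request)
        self.second_network = []        # stand-in for SMS / pager / RDS delivery

    def request_transaction(self, card, store_account, amount):
        """First network in: look up the user, derive the code, send it out of band."""
        if card not in self.users:
            return None                 # unknown card: report an input error
        issued_at = self.clock()
        tx_id = secrets.token_hex(8)    # random per-request value
        request = (card, store_account, amount)
        # The code covers the transaction content and the variable data (time, nonce).
        code = derive_code(self.key, [tx_id, *request, repr(issued_at)])
        self.pending[tx_id] = (code, issued_at, request)
        self.second_network.append({
            "to": self.users[card],
            "code": code,
            "info": {"amount": amount, "store": store_account},
        })
        return tx_id

    def confirm(self, tx_id, returned_code):
        """First network in again: compare codes, enforce time limit and single use."""
        entry = self.pending.pop(tx_id, None)   # one attempt per code, no replay
        if entry is None:
            return ("rejected", "unknown or already used")
        code, issued_at, request = entry
        if self.clock() - issued_at > self.time_limit_s:
            return ("rejected", "time limit exceeded")
        if not hmac.compare_digest(code.encode(), returned_code.encode()):
            return ("rejected", "code mismatch")
        return ("execute", request)     # execute exactly what the code was issued for


def user_accepts(message, intended_amount, intended_store):
    """User-side check of the information block received on the second network."""
    info = message["info"]
    return info["amount"] == intended_amount and info["store"] == intended_store


def demo():
    now = [1_000.0]                     # constructed fake clock, in seconds
    hq = AuthorisationHQ({"CARD-0001": "PAGER-0001"}, clock=lambda: now[0])
    results = {}

    # Normal purchase: code returned after 2 minutes, then replayed.
    tx = hq.request_transaction("CARD-0001", "STORE-ACCT-42", "49.90")
    msg = hq.second_network[-1]
    now[0] += 120
    if user_accepts(msg, "49.90", "STORE-ACCT-42"):
        results["ok"] = hq.confirm(tx, msg["code"])
    results["replay"] = hq.confirm(tx, msg["code"])

    # Code returned one second after the limit.
    tx = hq.request_transaction("CARD-0001", "STORE-ACCT-42", "49.90")
    now[0] += 301
    results["late"] = hq.confirm(tx, hq.second_network[-1]["code"])

    # Request altered before it reached the headquarters: the info block exposes it.
    hq.request_transaction("CARD-0001", "STORE-ACCT-42", "4990.00")
    results["tampered_seen"] = not user_accepts(
        hq.second_network[-1], "49.90", "STORE-ACCT-42")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Consuming the pending entry on the first confirmation attempt, right or wrong, is a choice of this sketch: it limits guessing of the short code at the cost of forcing a new request after a typing error.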

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Finance (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Telephonic Communication Services (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention consists of the fact that the inputting of a request for a transaction and the logging-in of a user to an authorisation headquarters is performed through a first public network, from the request for a transaction the authorisation headquarters generates an authorisation code and sends it off to the user through a second public network, the user following receipt of the authorisation headquarters by means of the first public network and the authorisation headquarters in the case of a match of the sent and received authorisation code issues the instruction for execution of the transaction. The authorisation headquarters in generating the code supplements the request for the transaction with at least one variable datum, this preferably being a time datum. From the point of view of costs for realisation of the solution it is advantageous where the first public network is the Internet network and the second public network is a mobile telephone network or paging network or RDS network.

Description

METHOD OF SECURE TRANSACTIONS BY MEANS OF TWO PUBLIC NETWORKS
Technical Field
The invention concerns the method of the securing and transfer of information necessary for authentication of the person who is a holder of certain access rights to a secure system or for performance of a transaction requiring increased security and that is realised by means of public data networks, this primarily meaning bank transactions performed with the help of payment cards.
Background art
At present there exist in the context of public networks several methods of increasing the security of transactions performed by means of the stated networks. In the interest of a uniform understanding of the terms used herein from the field of public data networks (since at present this primarily means the internet network, simply the term Internet will be used hereinafter) these are briefly specified in the introduction and the individual methods of transactions analysed from the point of view of their security features.
Security of a system ensuring the transfer of the data is given by the security of the software application used and the physical security of the hardware system, where the securing of the application comprises the performance of the authentication of a client, certification and verification of the data transferred. In the case of a client accessing from the public networks area, there is, besides these, added the protection of data by encryption.
Authentication comprises verifying of the identity of the counter party. The counter party inputs a code, which unequivocally verifies his identity. The code may be one, uniquely given, assigned to the identity (the most common example is the PIN in the case of a credit card), or generated by various code generators. A disadvantage of the one unequivocally given code is its easy abuse. Such codes cannot be used in the area of the Internet for the needs of secure authentications. In the case of such a code being captured, the code may be abused without the direct knowledge of its owner, who learns of the abuse only from secondary sources. A typical example is again bank transactions, which may not be executed by means of one uniquely given code (PIN code). The owner of the access rights realised by means of the PIN code learns of the realised transactions usually only from his account statements. The other way of authentication is mainly used by banks for securing bank transactions realised by means of the Internet. This method is usually denoted as an Internet banking service. The code generated by the code generators is forwarded to the bank, which by means of it verifies the client's identity. In the case that the client is interested, he may also verify the identity of the counter party, i.e. to reassure himself that he really is communicating with his bank. The generated codes on the one hand bring the increased security, but on the other also increased costs connected with the production of the code generator. This usually concerns dedicated hardware devices and the costs for their acquisition must be met by one of the communicating parties. Besides the existing hardware code generators, it is possible to integrate the function of the code generator into another device. As an example may be stated the mobile telephone with an integrated technology SIM Application Toolkit. This concerns an expansion of the program placed on the SIM card of the mobile phone, usually GSM type. The costs connected with the production of the physical hardware code generator are eliminated, but costs however arise with the placing of the code generator program on the phone's SIM card. The programs are not standardised, therefore for the needs of each application of the code generator the program must be input into individual SIM cards on an individual basis. A further limitation is that only one code generator can be placed on one SIM card, which prevents more universal use and the limited range of services which are usually integrated by the operators of the mobile phones into this memory area. Another significant shortcoming of all the methods described so far is the impossibility of a complex upgrade of the program or hardware part of the code generator without increased financial expenses and mainly demands for human resources.
Authorisation (certification) means the confirmation of the validity of distributed data. Through the code generator, which uses access data for generating the codes, which are directly tied to the subject of the authorisation, it is possible to make sure that the data distributed will not be altered by anyone during their transfer. An example is a bank operation where it is possible for generating the certification code to use the following data - number of client's account, number of the counter account, amount, etc. The code generator generates the authorisation code (this is a number deformed by means of an encryption algorithm of the code). The client of the bank, the initiator of the transfer, will send it off to the bank, which with its help will be able to verify the integrity of the transferred data. The disadvantages of authorisation performed in the stated manner are analogous to those stated in the part regarding the authentication.
Encryption is the conversion of perceivable and comprehensible data into an encrypted form that is apparently meaningless. At present, in each new dialling connection through the Internet there usually occurs the generation and exchange of a random key between the communicating participants, which is subsequently used for coding the communication. The number of potential keys depends on the strength of the encryption, i.e. the length of the encryption key. The currently most widely used standard (except in the USA) is 40-bit encryption, meaning there exist 2^40 possible keys. For banking practice, however, the length of a 40-bit key is insufficient and therefore 128-bit encryption is used, i.e. there exist 2^128 possible keys, and such encryption is, despite the development of computer technologies and the growth of computing power, already technologically indecipherable. The encryption key may be exchanged in various ways. In order that the systems may mutually communicate, it is necessary that they mutually know the key to the encrypted data. As a rule, there exist three basic possibilities of using the encryption key, irrespective of how long the encryption key is used.
Synchronous encryption represents the simplest form of using encryption keys. Both communicating parties mutually agree on the encryption key to be used. A public key, gained from a publicly accessible source may be used as an encryption key. A common way of gaining such an encryption key is a random source of data, signals, or other parameters, to which both communicating parties have access. The source of data acquired in this way is used as the key for encrypting and decrypting of the transmission. A common method is also the generating of the encryption key by one of the parties participating in the transmission and then subsequently sending it to the counter party.
Asynchronous encryption is based on the existence of two mutually different encryption keys. The keys are marked as a public key and a private key. According to the method of use, the data are encrypted by one of the keys and decrypted by the other. The keys differ from one another to such an extent that it is not possible, knowing one of the keys, to acquire the other key. The asynchronous method of encryption is used in electronic signatures of documents or electronic mail.
The asynchronous synchronous method of encryption uses a combination of the previous methods. A synchronous key is encrypted by the asynchronous encryption and following the transfer of the encryption to the counter party the asynchronous encryption is removed and for further communication encryption by synchronous encryption is used. The risk of there occurring the capture of the main encryption key, by which the main data transmission is to be encrypted, is thus reduced.
All above-mentioned methods of encryption have one basic security shortcoming, namely the necessity of distributing the encryption keys between the communicating parties over an unsecured network. For increasing the security of the transmission of the encryption key, it would be necessary to use a different, preferably secured, communication network.
For illustration only, several more examples of the use of the above stated methods in current banking practice are given below.
Credit cards and the Internet
The existing payments system is currently used for the system of direct debit payments by credit cards. For settlement in Internet shopping stores the client inputs into the payment form his name and surname, the number of his credit card and data on the expiry of the credit card. The physical contact of the trader and the credit card of the customer is not necessary. These data are usually sent in encrypted form to the system of an Internet shopping store. The securing or encrypting of the data sent is realised by the Internet shopping store party, which creates payment forms usually communicating through an https protocol (usually the SSL method with 40-bit length of the encryption key). Other types of securing are also available, for example the use of Java applets and so on. It is in the field of Internet shopping that a great number of unauthorised transactions arise, caused by the abuse of the very easily accessible information necessary for realising a transaction. The shopping stores themselves refuse to realise orders and supplies of goods, in particular to the regions of Eastern Europe, Asia, Africa and South America. They are forced to this by the situation which arises following objections to a direct debit transaction realised by credit card. From the above it is clear that the insufficient security of this system is caused by the impossibility of authenticating the person who realises a payment by credit card.
EFT/POS payments
The payment terminal is the most widespread form of electronic direct debit payment contact. A necessary condition of the functionality of the terminal is the creation of a communication channel between the terminal and the bank authorisation centre, or the bank itself. The communication channel may be used only for the transfer of the authorisation of the data and neither of its parts for security reasons may be a component of another communication channel. In a transaction realised with the help of EFT/POS there is required from the cardholder a PIN or sample signature. Transactions in which a PIN is required from the holder of a payment card are considered in banking practice as more secure. The verifying of transactions by means of EFT/POS in the Internet environment is not possible for reason of the need of confirmation of the transaction by a sample signature or PIN code. The sample signature is excluded by the electronic essence of the sale itself and the inputting of the PIN code to the Internet is not admissible for security reasons stated by the companies issuing the payment cards.
Prepaid reload (Loading of the prepaid cards)
The payments system makes it possible to pay for only a selected quantity of services or goods that are defined in advance by the GSM operator. The client confirms realisation of the payment through the sending of an SMS message, the content of which is the authorisation RPIN. The main shortcoming of the payments system of the prepaid reload is the small quantity of the offered goods and services. The goods and services are tied to the prepaid services in the case of GSM operators, for expanding the range of services offered it would be necessary to introduce a complex encryption system for the offered goods and services.
Internet banking
The modern form of realising banking transactions and operations connected to them. The service is realised in the area of public data networks; authentication and authorisation of the transactions performed are confirmed through a code. The codes may be generated by electronic code generators, but a solution by means of a grid card, on which codes are pre-generated, is also used. The problems of this form of banking are the expenses connected with the code generators and the low flexibility of the system in the case of a change of requirements for the code generators. The method based on grid cards, though cheaper, is significantly less safe.
The removal of the shortcomings of the known methods of transactions through public networks is the subject of several inventions. For example, WO 0077697 (S. Prisant) solves the method of distant payment for a purchase from a vending machine, which includes the steps:
1) contacting of the vending machine by cellular phone,
2) identifying of the identification features of the cellular phone (where the stated identification nature is preferably an ID number of the telephone recorded at the operator of the cellular phone network) and authentication of the user by means of a PIN number input by him, where the stated operation is preferably performed by the operator of the cellular phone network through a comparison of the stated PIN number with its database of PIN numbers,
3) determining whether the requested transaction is realisable,
4) executing the stated transaction by the machine, i.e. delivering the requested good or providing the requested service, which preferably contains also the operation of requesting a confirmation of the stated transaction, and
5) charging of the amount transferred in the stated transaction to the account of the given cellular phone.
This method while solving the problem of reducing expenses for creating the communication channel, since it uses the already existing mobile telephone network, does have the shortcoming that it uses a unique predefined code (the PIN), which has a very negative effect on the security of the transaction executed.
Another solution is the subject of WO 0070512 (G. Holm and J. Hultman) and is aimed at the method of direct payment by means of an open computer network in electronic shopping. It includes the logging-in of the user to a specific transaction service at the telecommunications operator, where the open network represents the Internet, which is interconnected by the mobile or fixed network of a telecommunications operator, and concurrently the system of electronic shopping is connected to an Internet bank. Increased security is brought about through the central generation of a specific code which is sent to the user via an SMS or e-mail and which is subsequently used several times for logging-in to the stated transaction service. The security itself of the transactions executed is however determined by the security of the respective Internet bank. From the point of view of the security of the transaction executed the benefit of the given solution is minimal, since the code is used only for access to the service, but does not contain signs specific to the given transaction and thus does not enable its authorisation.
A way of preventing the unauthorised use of payment cards is solved in WO 0010140 (J. Shem-ur et al.). The essence of the solution lies in the fact that for each transaction there is chosen one of a set of predefined codes that have been delivered to the user, which however do not have any relationship to the content of the transaction. The stated method while ensuring verification of the user and his authorisation for performing the transaction, in no way solves the security of the transaction.
The solution as per WO 9745814 (B. Vazvan) is aimed at increasing the security of transactions executed via the public network. Its essence lies in the fact that the request for the transaction may be input by the user through any communication channel, but subsequently requires the authorisation of the transaction by the inputting of a defined P-PIN, which must however be sent via an appropriate wireless/cellular terminal, e.g. a mobile telephone. The benefit is the option of the use of one transmission channel for assigning the request for the transaction and the other transmission channel for authorisation of the transaction. A shortcoming of the solution is the fact that the security of the whole transaction is determined by the security of the network to which the stated wireless/cellular terminal is connected, and that a predefined code, which is not unique for the given transaction, is used for authorisation.
From the above stated it is obvious that at present there exists a real need to find a way of secure transactions via public networks which will enable the authentication of the user inputting the request for a transaction; will make it possible to increase the security of the transaction itself without immoderately high financial costs; will make it possible to authorise the content of a transaction by a user prior to its execution and will also enable in the future simple and inexpensive modernisation.
Disclosure of invention
These aims are achieved by the present invention, which provides a method of secure transactions via public networks, where the transaction might for example be the direct debit transfer of funds or the logging-in to a secured network. The method uses a centralised method of authorisation and comprises the steps of logging-in of the user to the authorisation headquarters and inputting the request for a transaction, verifying the identity of the user by the authorisation headquarters and assessing the legitimacy of the request for the transaction, requiring, on the part of the authorisation headquarters, confirmation of the transaction from the user, and finally execution of the transaction, wherein the essence of the solution lies in the fact that:
a) the logging-in of the user to the authorisation headquarters is performed via a first public network (e.g. by means of the Internet network),
b) from the request for a transaction the authorisation headquarters will generate by a preset procedure the authorisation code, where the authorisation headquarters is the only place where the authorisation code is generated and where all the access data and data on the method of generating the code are gathered, and the authorisation headquarters will send it to the user through a second public network (e.g. by means of the mobile phone or paging or RDS - Radio Data System network),
c) the user will receive the authorisation code through the second public network and will confirm the transaction requested by sending it back to the authorisation headquarters by means of the first public network, and
d) the authorisation headquarters compares the sent and received authorisation code and in the case of their matching, issues the instruction for execution of the transaction.
From the point of view of increasing the security of the transaction it is advantageous when the authorisation headquarters in generating the code supplements the stated request for the transaction with at least one variable piece of data, where most advantageous is unique data (e.g. data on time of registering the request) or a value of another appropriate time-dependent variable (e.g. the generator's output of random numbers).
It is also advantageous if in the request for the transaction the user specifies his unique identifier, the type of transaction and content of the transaction, where the data on the type and content of the transaction are preferably contained also in the authorisation code generated by the authorisation headquarters, whereby protection of the user, e.g. the purchaser, is achieved against the unauthorised intervention by the verifying party, e.g. the trader, in the information sent.
A further substantial increase in the security of the transaction will be achieved by the fact that the user returns the authorisation code to the authorisation headquarters within a set time limit, the length of which is chosen so as to enable, with a certain reserve, the comfortable execution of the operation, including the authorisation code, but at the same time prevents or at least hinders possible manipulation of the authorisation code.
Compared to the current state of the technology, the submitted solution has a set of advantages both from the security aspect and from the aspect of the financial costs necessary for realisation of the transaction method in question. Among the most important are:
there is one authorisation headquarters for the whole system, which itself represents low investment costs for the creation of a system of secure transactions through public networks and concurrently enables simple and costless innovations of the system in the future,
for execution of a transaction, there are used two independent public networks, which increases in a significant way the security of the whole transaction,
for the transaction, there are used public networks, which at present already exist, whereby the costs for creating the system are substantially reduced,
the authorisation code is generated at only one place - in the authorisation headquarters, which may be located at a secured place, which makes it possible to achieve a high degree of security and confidentiality of the authorisation code,
the generated authorisation code contains in itself signs unique to the specific transaction being executed, which will prevent the change of the content of the transaction in the course of its execution,
authorisation of the transaction is performed within a set time limit, through which the time space for any possible manipulation with the authorisation code is minimised.
The following examples are illustrative only and not meant to limit the invention in any manner.
Examples
Example 1
A typical example of the application of the submitted solution is a user's purchase in an Internet shopping store, where the whole transaction consists of the following steps:
1. The user orders an item in the Internet shopping store with an implemented system of secure transactions through public networks according to the submitted invention (hereinafter simply SP - Secure Pay) and in the electronic payment form of the given Internet shopping store fills in his ID, i.e. the number of his payment card. The form filled out in this manner, which also contains the data on the amount of the requested payment, is sent through the Internet to the authorisation headquarters of the bank (hereinafter simply AHQB).
2. The AHQB searches according to the user's number of the payment card in the database. In the case that the number of the payment card of the user is not in the database, the AHQB sends back information on the error of the input number of the payment card and step no. 1 is repeated. If the number of the payment card is in the database of users of the AHQB, the communication progresses to step no. 3.
3. The AHQB generates an authorisation code, where the data necessary for generating the code authorisation are the following: card number of the user, account no. of the Internet shopping store and the requested amount of the payment.
4. The generated authorisation code is sent by means of an SMS message to the mobile phone of the user, the number of which was reported by the user upon concluding the contract on SP. The SMS message contains besides the authorisation code also an information block consisting of data on the amount of the sum paid and address of the Internet store.
5. The user following receipt of the SMS message decides whether the data in the information block are true and in the case of his consent the user inputs the stated authorisation code into the electronic form on the page of Internet shopping store and sends it off by means of the Internet to the AHQB.
6. The AHQB compares the received authorisation code with the code sent to the user in the form of an SMS message and in the case of a discrepancy between the codes it sends information on an error of the authorisation code to the user and to the Internet shopping store. In the case of a match of the codes step no. 7 follows.
7. The AHQB verifies the possibility of the execution of the payment of the stated amount and the account and in the case of a positive result, it executes the requested payment. In the case of a negative result the payment is not executed. The AHQB sends by means of the Internet a message on the result of the execution of the payment to the user and the Internet shopping store and terminates the transaction.
Example 2
Another example of the embodiment of the invention is in essence identical to a user's purchase in an Internet shopping store, settled by a payment card according to Example 1, but differs in the following steps:
3. The AHQB generates an authorisation code, where as the access data there is used the value of the system time, the card number of the user, the account number of the Internet shopping store and the requested amount of the payment.
4. The generated authorisation code is sent by means of a public paging network to the user's pager, the number of which was given by the user upon concluding the contract on SP. The paging message contains besides the authorisation code also an information block comprising data on amount of the sum paid and the address of the Internet shopping store.
5. The user following receipt of the paging message verifies the truth of the data in the information block, inputs the stated authorisation code and within 2 minutes of receipt of the authorisation code sends the electronic form by means of the Internet to the AHQB.
6. The AHQB compares the received code with the code sent to the user in the form of a paging message and assesses whether the authorisation code has been returned from the user within the set time limit of 5 minutes. In case of a discrepancy between the codes or the time limit being exceeded, it sends information on the error of the transaction to the user and to the Internet shopping store. In case of the conditions being fulfilled step no. 7 follows.
Example 3
Another example of the application of the method according to the invention is practically identical with the method of Example 2, but differs in the fact that the authorisation code is sent by means of an RDS network and the user receives it by means of an RDS receiver.
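The authorisation headquarters' side of steps 2 to 6 of Examples 1 and 2 (Example 3 changes only the delivery network), as an added example that is not part of the patent text. The patent leaves the "preset procedure" for generating the code open, so the HMAC-SHA256 derivation, the eight-digit code length, the random nonce, the attempt cap and all class, method and field names below are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 8      # assumption: the page does not fix a code length
TIME_LIMIT_S = 300   # 5-minute limit, as in Example 2, step 6
MAX_ATTEMPTS = 3     # assumption: caps online guessing of a short code


class AuthorisationHQ:
    """Hypothetical AHQB: the single place where codes are generated and checked."""

    def __init__(self, known_cards, clock=time.time):
        self._key = secrets.token_bytes(32)  # secret that never leaves the AHQB
        self._known_cards = set(known_cards)
        self._clock = clock
        self._pending = {}                   # txid -> [issued_at, nonce, attempts_left]
        self.second_network = []             # stand-in for the SMS/pager/RDS gateway

    def _derive_code(self, request, issued_at, nonce):
        # Length-prefix every field so that field boundaries cannot be shifted.
        fields = [str(v).encode() for v in request] + [repr(issued_at).encode(), nonce]
        msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
        digest = hmac.new(self._key, msg, hashlib.sha256).digest()
        number = int.from_bytes(digest[:8], "big") % 10**CODE_DIGITS
        return str(number).zfill(CODE_DIGITS)

    def request_transaction(self, card_no, merchant_account, amount_cents, phone):
        """Steps 2-4: look up the user, derive the code, send it out of band."""
        if card_no not in self._known_cards:
            return None                      # step 2: unknown card number
        request = (card_no, merchant_account, amount_cents)
        txid, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        issued_at = self._clock()            # variable datum: system time
        code = self._derive_code(request, issued_at, nonce)
        self._pending[txid] = [issued_at, nonce, MAX_ATTEMPTS]
        # The information block lets the user check amount and payee before confirming.
        self.second_network.append({"to": phone, "code": code,
                                    "amount_cents": amount_cents,
                                    "payee": merchant_account})
        return txid

    def confirm(self, txid, code, card_no, merchant_account, amount_cents):
        """Step 6: check the time limit, then the code against the submitted content."""
        entry = self._pending.get(txid)
        if entry is None:
            return "unknown"                 # never issued, already used, or locked out
        issued_at, nonce, _ = entry
        if self._clock() - issued_at > TIME_LIMIT_S:
            del self._pending[txid]
            return "expired"
        expected = self._derive_code((card_no, merchant_account, amount_cents),
                                     issued_at, nonce)
        if not hmac.compare_digest(expected.encode(), str(code).encode()):
            entry[2] -= 1
            if entry[2] == 0:
                del self._pending[txid]      # stop guessing after MAX_ATTEMPTS
            return "mismatch"
        del self._pending[txid]              # single use: a replayed code is "unknown"
        return "authorised"                  # step 7 (funds check, execution) would follow


def demo():
    """Run the flow with constructed data and a controllable clock."""
    now = [1_000_000.0]
    card, shop, phone = "4000-0000-0000-0002", "SHOP-ACCOUNT-1", "+000000000"
    hq = AuthorisationHQ({card}, clock=lambda: now[0])
    results = {"unknown_card": hq.request_transaction("0000", shop, 1999, phone)}

    tx = hq.request_transaction(card, shop, 1999, phone)
    code = hq.second_network[-1]["code"]
    # Content altered on the first network after the code was issued.
    results["tampered"] = hq.confirm(tx, code, card, shop, 91999)
    results["honest"] = hq.confirm(tx, code, card, shop, 1999)
    results["replay"] = hq.confirm(tx, code, card, shop, 1999)

    tx2 = hq.request_transaction(card, shop, 500, phone)
    code2 = hq.second_network[-1]["code"]
    now[0] += TIME_LIMIT_S + 1               # user answers after the time limit
    results["late"] = hq.confirm(tx2, code2, card, shop, 500)
    return results


if __name__ == "__main__":
    print(demo())
```

Recomputing the code from the content resubmitted on the first network is one way to realise the comparison of step 6: an unchanged request reproduces the code that was sent, while a changed amount or payee does not.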
Example 4
A method of secure transactions through public networks, the content of which is access to a secured network of an Internet banking service, where the whole transaction consists of the following steps:
1. The user contacts the Internet banking service (hereinafter simply IBS) through the Internet network, he inputs in the electronic form his ID number assigned by the bank for access to the secured IBS network, defines the type and content of the requested transaction and following encryption sends the filled in form through the Internet to the AHQB.
2. The AHQB searches according to the user's ID number in the database. In the case that the ID number is not in the database, the AHQB sends back information on an error in the input ID and step no. 1 is repeated. If the ID number is in the AHQB's database of users, the transaction proceeds with step no. 3.
3. The AHQB generates the authorisation code, where the access data are the ID number of the user, the type of the requested transaction and the value of the system time at the receipt of the request for generation.
4. The generated authorisation code is sent by means of an SMS message to the mobile phone of the user, the number of which was given by the user upon concluding of the contract on IBS.
5. The user following receipt of the SMS message inputs the received authorisation code to the electronic access form and sends it off through the Internet to the AHQB.
6. The AHQB compares the received code with the code sent to the user in the form of an SMS message and in the case of a discrepancy between the codes it sends information on an error in the authorisation code to the user. In the case of match of the codes sent, the AHQB allows to the user access to the secured IBS network.
Example 5
A method of secure transactions by means of public networks, the content of which is the issuing of a direct debit payment instruction via an internet banking service, where the logging-in to the secured IBS network is practically identical to that in Example 4 (steps no. 1 to 6) with the difference that delivering the authorisation code is performed by means of a paging network and the whole transaction contains also the further steps:
7. The user fills in the direct debit payment instruction form, whereby he defines the content of the transaction and following encryption he sends it off to the AHQB of the IBS provider.
8. The AHQB generates an authorisation code, where the data used for generating the authorisation code are the content of the transaction and data on the time of receipt of the payment instruction.
9. The generated authorisation code is sent by means of a paging network to the user's pager, the number of which was given by the user upon concluding the IBS contract.
10. The user following receipt of the paging message inputs the received authorisation code to the field for the authorisation code in the electronic form and sends it off by means of the Internet to the AHQB. The AHQB compares the received code with the code sent to the user by means of the paging network and in the case of a discrepancy it sends information on an error in the authorisation code to the user. In the case of the codes matching, there proceeds the realisation itself of the transfer of the funds.

Claims

1. A method of secure transactions by means of public networks comprising the steps of:
logging-in of a user to an authorisation headquarters and the inputting of a request for a transaction,
verifying the identity of the user by the authorisation headquarters and assessing the legitimacy of the request for the transaction,
requiring from the party of the authorisation headquarters confirmation of the transaction from the user, and
executing of the transaction,
characterised in that,
the logging-in of the user to the authorisation headquarters is performed by means of a first public network;
from the user's request for the transaction the authorisation headquarters generates by a set procedure an authorisation code and sends it off to the user by means of a second public network;
the user receives by means of the second public network the authorisation code and the requested transaction is confirmed by him by sending it back to the authorisation headquarters by means of the first public network;
the authorisation headquarters compares the sent and received authorisation codes and, in the case of their matching, issues the instruction for the execution of the transaction.
2. The method of secure transactions according to claim 1, characterised in that, in the request for transaction the user specifies his unique identifier, the type of transaction and content of the transaction.
3. The method of secure transactions according to claims 1 or 2, characterised in that, the authorisation headquarters in generating the code supplements the stated request for the transaction with at least one variable datum.
4. The method of secure transactions according to claim 3, characterised in that, the variable datum with which the authorisation headquarters supplements the request for the transaction, is a time datum or a value of a time-dependent variable parameter.
5. The method of secure transactions according to one of claims 2 to 4, characterised in that, the authorisation code generated by the authorisation headquarters contains information on the type and content of the requested transaction.
6. The method of secure transactions according to one of claims 1 to 5, characterised in that, the user returns the authorisation code to the authorisation headquarters within a preset time limit.
7. The method of secure transactions according to one of claims 1 to 6, characterised in that, the Internet network is used as the first public network and a mobile telephone network or paging network or RDS network is used as the second public network.
8. The method of secure transactions according to one of claims 1 to 7, characterised in that, through the transaction there is realised the direct debit transfer of funds or the logging-in to a secured network.
PCT/SK2002/000005 2001-04-18 2002-04-18 Method of secure transactions by means of two public networks WO2002091144A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SKPV0523-2001 2001-04-18
SK5232001A SK5232001A3 (en) 2001-04-18 2001-04-18 Method of safety transactions by means of public networks

Publications (1)

Publication Number Publication Date
WO2002091144A1 (en) 2002-11-14

Family

ID=20435848

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SK2002/000005 WO2002091144A1 (en) 2001-04-18 2002-04-18 Method of secure transactions by means of two public networks

Country Status (2)

Country Link
SK (1) SK5232001A3 (en)
WO (1) WO2002091144A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997045814A1 (en) * 1996-05-24 1997-12-04 Behruz Vazvan Real time system and method for remote purchase payment and remote bill payment transactions and transferring of electronic cash and other required data
EP0844551A2 (en) * 1996-10-28 1998-05-27 Brian J. Veneklase Computer security system
US6078908A (en) * 1997-04-29 2000-06-20 Schmitz; Kim Method for authorizing in data transmission systems
EP1065634A1 (en) * 1999-07-02 2001-01-03 Mic Systems System and method for performing secure electronic transactions over an open communication network

Also Published As

Publication number Publication date
SK5232001A3 (en) 2002-03-05

Similar Documents

Publication Publication Date Title
JP4874251B2 (en) Method and apparatus for authenticating a transaction using a dynamic authentication code
US7925878B2 (en) System and method for creating a trusted network capable of facilitating secure open network transactions using batch credentials
US6078902A (en) System for transaction over communication network
US20030069792A1 (en) System and method for effecting secure online payment using a client payment card
US20090182676A1 (en) Remote Electronic Payment System
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
US20030055738A1 (en) Method and system for effecting an electronic transaction
EP2481230B1 (en) Authentication method, payment authorisation method and corresponding electronic equipments
CN108476227A (en) System and method for equipment push supply
US10504110B2 (en) Application system for mobile payment and method for providing and using mobile means for payment
CA2730175A1 (en) Secure wireless deposit system and method
CN101098225A (en) Safety data transmission method and paying method, paying terminal and paying server
JP2017537421A (en) How to secure payment tokens
CN112889241A (en) Verification service for account verification
CA2355928C (en) Method and system for implementing a digital signature
CN116802661A (en) Token-based out-of-chain interaction authorization
WO2003046697A2 (en) E-commerce payment systems
WO2002091144A1 (en) Method of secure transactions by means of two public networks
KR100349888B1 (en) PKI system for and method of using micro explorer on mobile terminals
CN107636664B (en) Method, device and apparatus for provisioning access data to a mobile device
EP1171849B1 (en) Communication system and method for efficiently implementing electronic transactions in mobile communication networks
KR100458526B1 (en) System and Method for the wire·wireless complex electronic payment
KR20040055843A (en) System and Method for Payment by Using Authorized Authentication Information
WO2004057547A1 (en) Method and system for transmission of data
KR20020020133A (en) PKI system for and method of using WAP browser on mobile terminals

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: COMMUNICATION PURSUANT TO RULE 69(1) EPC

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP