WO2005081489A1 - Improved secure web site access method and system - Google Patents

Improved secure web site access method and system Download PDF

Info

Publication number
WO2005081489A1
WO2005081489A1 PCT/GB2004/000489 GB2004000489W WO2005081489A1 WO 2005081489 A1 WO2005081489 A1 WO 2005081489A1 GB 2004000489 W GB2004000489 W GB 2004000489W WO 2005081489 A1 WO2005081489 A1 WO 2005081489A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
server
telephone
code
telephone number
Prior art date
Application number
PCT/GB2004/000489
Other languages
French (fr)
Inventor
James Andrew Groves
Original Assignee
James Andrew Groves
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by James Andrew Groves filed Critical James Andrew Groves
Priority to PCT/GB2004/000489 priority Critical patent/WO2005081489A1/en
Publication of WO2005081489A1 publication Critical patent/WO2005081489A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/04Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the present invention proposes a system for allowing a user to access secure web sites. More particularly the system provides for the exchange of information between the user and the web site provider using SMS technology.
  • a web site may be provided which contains confidential information which only authorised persons are allowed to access.
  • a web site provider may charge a user for access to its web sites and hence allow access only to those users who have paid the necessary subscription.
  • a web site that sells products or tickets may need to know who is accessing the web site in order to send the product or ticket to the correct address and bill the right person.
  • Security is one of the issues which must be considered by web site providers, especially when the information contained on the web site is of a sensitive nature or if the transfer of money between the user and web site provider is " required in order for access to be gained.
  • Banks provide web sites for users to access their bank details and make transactions. These sites are secure because the user uses username/password combinations, which were agreed by both parties by secure means, e.g. post, at a prior time. Web sites to which the user is anonymous when the user first accesses them do not have the benefit of prearranged username/password combinations. In some cases the provider of the web site generates a usemame and password and provides the user with this information directly so that the user may begin accessing the web site.
  • a form may be provided on the web site site which the user fills out entering their own choice of usemame and password and other details as required by the web site provider.
  • the web site must take the user's word for the fact that the details they provide are correct. If details of credit cards are given to the web site by the user, the web site must again trust that the user is the owner of the credit card. This anonymity can lead to fraud and other security problems.
  • Another problem with subscription web sites is that there is currently no provision for users who wish to access a subscription web site for a short period of time e.g. a few minutes or hours. The user may be forced to take out a month or more in subscription fees for a web site that they may only wish to access once.
  • the present invention provides a method of securely receiving user identification information at a server, comprising the steps of: exchanging, in response to a user request received from a user via a first communication medium, at least one user ID code and at least one server ID code between the user and the server at least partially using a second communication medium separate to the first; and generating, on said server, on completion of said exchange, a user data record associated with said user.
  • the present invention provides a method for allowing a user to access secure web sites using a secure means of identification and payment.
  • a user account is set up by the method which is the subject of the present invention.
  • an access server displays on a web page a server telephone number.
  • the user then sends a text message to the server telephone number and containing information concerning the user telephone number and a user generated Personal Identification Number (PIN).
  • PIN Personal Identification Number
  • the access server then generates an account associated with the user and containing information concerning the user telephone number and PIN.
  • the user account contains information concerning the amount of credit available to the user.
  • the user is then only allowed access to relevant secure web sites if they have credit on account.
  • the user may increase the amount of credit an account by sending a text message to the server telephone number containing only information relating to the user telephone number. Each time a text message is received the amount of credit on the user account increases.
  • the access server may gain payment for this through the use of a premium rate telephone number.
  • the provider of the web site provides the user with at least one server ID code and the user provides the provider with at least one user ID code.
  • These ID codes are transferred between the provider and the user with the user using the telephone network as the medium for the transfer of the user ID code.
  • At least one of a server ID code or a user ID code or a combination of a server ID code and a user ID code are stored by the provider as usemames or username/password combinations.
  • the user then uses an appropriate usemame or username/password combination to access the secure web site.
  • the user may be charged for access to the secure web site by use of the user telephone during the exchange of ID codes.
  • the telephone operator may then pass the revenue from the use of the telephone onto the provider.
  • the present invention further provides a system comprising a server and first and second communication media arranged to perform one or more of the methods outlined above and described herein.
  • the invention thus reduces fraudulent access to the provider web site by linking the payment for access directly to the user.
  • the telephone operator be it mobile or landline, provides the name of the telephone owner so the payment can be linked with the user's name.
  • Figure 1.1 shows the request by a user for access to a secure web site in an embodiment of the present invention
  • Figure 1.2 shows the supply of a server ID code to the user by the server in an embodiment of the present invention
  • Figure 1.3 shows the supply of the server ID code to the server by SMS message from the user in an embodiment of the present invention
  • Figure 1. shows the supply of the server code and user telephone number as a username/password combination to the server from the user in order that the user might access the secure web site.
  • Figure 2 shows arrangement of the system in the preferred embodiment of the present invention.
  • the present invention provides a system and method for allowing a user to access secure web sites using a secure means of identification and payment.
  • the method sets up a user data record following the exchange of information between a user and a server.
  • the server provides the user with at least one server ID code via a first communication medium and the user provides the server with at least one user ID code via a second communication medium.
  • the user then uses at least one ID code stored in said user data record to access a secure web site.
  • Figure 2 shows a system on which the method which is the subject of the present invention may be implemented.
  • the system comprises user terminals 1 , for example personal computers, connected to the Internet 3 or other such remote network.
  • web servers 2 which each provide web site services or similar information or application based content.
  • a central access control server 4 to which the web servers are connected either directly or via the Internet.
  • a user when a user wishes to gain access to a web site which utilises the access control method of the present invention the user is asked to input their PIN in order that he/she might gain access to the desired web site.
  • a new user account is set up as follows. Firstly the user will be invited to send an S M S text message, to a central access control server telephone number The user will be requested to provide in the text message a user generated PIN and the telephone number of the mobile from which they are textmg The user telephone number may be provided in the text header (m which case the is no need for the user to specifically include it) When the central access control server receives such a text message it first checks to see if there is an account already set up with that telephone number and if not, generates a new account associated with the user and containing the user telephone number and PIN If an account already exists the user will be informed by return text message When the account is set up it will be credited with a predetermined amount of credit
  • the amount of credit on account then dictates how much access is available to the user. For example, 1 unit of credit may permit one log on to a website. That unit of credit expires whenever the user logs out, however long the user is logged-on Alternatively, the amount of time the user is allowed to browse a web site is directly linked to credit.
  • a user attempts to log on to the system with no credit on account they will be informed by the central access control server of this fact.
  • the user may be informed via the website itself or alternatively by text message Alternatively, regardless of whether or not the user is trying to log on, the system may send a text message to the user when credit runs low or out
  • the central access control server generates revenue by utilising a premium rate telephone number which the users send their texts to
  • the central access control server receives a cut of the cost of sending the text from the telephone network operators.
  • the system may also provide an additional level of security as follows.
  • the central access control server sends a text message to the user telephone containing an access code. The user will be prompted to enter the code into the log on page. If the code is correct the user will be allowed access to the desired web site.
  • This code provides an additional level of security. In the event that an unauthorised third party gains knowledge of the user telephone number and PIN, the third party would not be able to access the web site as there would be no way for them to access the access code. Additionally, should a user receive an access code when not trying to logon to a website, they would know that an unauthorised third party was trying to gain access to using their account. The user could then change their PIN.
  • the server on which the secure web site to which access is desired is located informs the user that in order to access the web site at least a server ID code and a user ID code must be exchanged between the server and the user.
  • the first server ID code is a telephone number of the server, which may be individual to the site concerned or type of access required or a combination of both.
  • the first user ID code is the telephone number of the user's telephone.
  • the server provides the user with the server telephone number by displaying the server telephone number on the relevant web site.
  • the user then provides the server with the user telephone number using the user telephone.
  • the user provides the server with the user telephone number by making a telephone call to the server telephone number using the user telephone.
  • the server obtains the user telephone number from the telephone call using a system such as Caller Line Identification (CLI).
  • the user telephone may be a mobile telephone.
  • the user provides the server with the user telephone number by sending a text message to the server telephone number using the user telephone.
  • the server obtains the user telephone number from the text message, within which the user telephone number is stored. In either case the server stores the user telephone number.
  • the user telephone number is stored with information regarding which server telephone number the user used in the case where there is more than one server telephone number.
  • the server also has information regarding which server telephone numbers relate to which web sites and what types of access pre-stored. The server therefore knows which web sites the user is able to access and for how long, with the user telephone number.
  • the user telephone number is then the usemame for access to the relevant web site. The user can go to the web site and enter their telephone number as their usemame and gain access to the web site.
  • a second server ID code is a server access code.
  • the server access code is displayed on the web site with the first server ID code, the server telephone number, when the user first tries to access a secure web site.
  • the server access code may be fixed, randomly generated, individual to the site concerned or type of access required or specific to the user. There may be only one server telephone number, or a plurality of numbers may be provided relating to different levels of access, eg different areas of the site or different call rates.
  • the user provides the server with the user telephone number and the server access code by making a telephone call to the server telephone number using the user telephone.
  • the user telephone number is provided to the server in the same manner as described hereinbefore.
  • the server access number is obtained by the server using an automatic telephone system. Such a system may answer the telephone call and request that the user inputs the server access code.
  • the automated system may also request that the user inputs the user telephone number as well as the server access code.
  • the text message contains the server access code as the text. Therefore the server is able to obtain the server access code form the text message as well as the user telephone number.
  • the server stores the server access code and the user telephone number as a username/password combination.
  • the server stores information regarding which access codes relate to which web sites and what types of access. The server therefore knows which web sites the user is allowed access to and the nature of that access. The user can then go to the relevant web site and enter the username/password combination and gain access to the web site.
  • the user first provides the server with the first user ID code, the user telephone number. Preferably this is achieved by the user entering the user telephone number into the server web site to which access is required.
  • the server then provides the user with the second server ID code, the server access code, by sending the code to the user telephone number.
  • the user telephone is a mobile telephone and the server sends the server access code to the user mobile telephone as the text in a text message.
  • the server access code is then the usemame for access to the relevant web site.
  • the user can then go to the relevant web site and enter the server access code as a usemame and gain access to the web site.
  • the server stores the user telephone number with the server access code as a username/password combination.
  • the type of access that a user is permitted to have may vary as suggested hereinbefore. For instance, a time limit on the amount of time for which the user may access the secure server web site may be provided. The time limit may begin when the user first logs onto the web site using the usemame or username/password combination. Alternatively the user may only be allowed to access the secure web site once and once logged out the user may not log in again. Alternatively the user may be allowed to access the web site more than once with no time limit up to a predefined number of logins. The user is charged for access to the web site through the user's telephone operator.
  • the mobile phone operator charges the user for sending the text message to the server.
  • the server receives payment from the mobile phone operator.
  • the number of the server could be a premium rate number from which the server receives payment from the telephone operator for each call that is made.
  • the server sends the user a text message the user may be charged using reverse charge text messaging.
  • the invention therefore enables simple chargeable access to secure web sites using communication means separate from the Internet to identify and charge users. This can be achieved as set out above, and other variations are possible without departing from the scope of the invention.
  • the user ID code need not be the user telephone number, if a separate identification is created during the telephone communication with the server.

Abstract

A system and method for allowing a user to access secure web sites using a secure means of identification and payment. The method sets up a user data record following the exchange of information between a user and a server. The server provides the user with at least one server ID code via a first communication medium and the user provides the server with at least one user ID code via a second communication medium. The user then uses at least one ID code stored in said user data record to access a secure web site.

Description

Improved secure web site access method and system
The present invention proposes a system for allowing a user to access secure web sites. More particularly the system provides for the exchange of information between the user and the web site provider using SMS technology.
Background
Password access to web sites is provided by many web site providers and for various reasons. A web site may be provided which contains confidential information which only authorised persons are allowed to access. Alternatively, a web site provider may charge a user for access to its web sites and hence allow access only to those users who have paid the necessary subscription. Alternatively, a web site that sells products or tickets may need to know who is accessing the web site in order to send the product or ticket to the correct address and bill the right person.
Security is one of the issues which must be considered by web site providers, especially when the information contained on the web site is of a sensitive nature or if the transfer of money between the user and web site provider is "required in order for access to be gained. Banks provide web sites for users to access their bank details and make transactions. These sites are secure because the user uses username/password combinations, which were agreed by both parties by secure means, e.g. post, at a prior time. Web sites to which the user is anonymous when the user first accesses them do not have the benefit of prearranged username/password combinations. In some cases the provider of the web site generates a usemame and password and provides the user with this information directly so that the user may begin accessing the web site. Alternatively, a form may be provided on the web site site which the user fills out entering their own choice of usemame and password and other details as required by the web site provider. The web site must take the user's word for the fact that the details they provide are correct. If details of credit cards are given to the web site by the user, the web site must again trust that the user is the owner of the credit card. This anonymity can lead to fraud and other security problems. Another problem with subscription web sites is that there is currently no provision for users who wish to access a subscription web site for a short period of time e.g. a few minutes or hours. The user may be forced to take out a month or more in subscription fees for a web site that they may only wish to access once. Accordingly, the present invention provides a method of securely receiving user identification information at a server, comprising the steps of: exchanging, in response to a user request received from a user via a first communication medium, at least one user ID code and at least one server ID code between the user and the server at least partially using a second communication medium separate to the first; and generating, on said server, on completion of said exchange, a user data record associated with said user. The present invention provides a method for allowing a user to access secure web sites using a secure means of identification and payment. In one embodiment, in order that a user may gain access to a secure web site, a user account is set up by the method which is the subject of the present invention. Preferably, an access server displays on a web page a server telephone number. The user then sends a text message to the server telephone number and containing information concerning the user telephone number and a user generated Personal Identification Number (PIN). Preferably, the access server then generates an account associated with the user and containing information concerning the user telephone number and PIN. Preferably, the user account contains information concerning the amount of credit available to the user. The user is then only allowed access to relevant secure web sites if they have credit on account. Preferably, the user may increase the amount of credit an account by sending a text message to the server telephone number containing only information relating to the user telephone number. Each time a text message is received the amount of credit on the user account increases. The access server may gain payment for this through the use of a premium rate telephone number. In an alternative embodiment, when a user wishes to access a secure web site the provider of the web site provides the user with at least one server ID code and the user provides the provider with at least one user ID code. These ID codes are transferred between the provider and the user with the user using the telephone network as the medium for the transfer of the user ID code. At least one of a server ID code or a user ID code or a combination of a server ID code and a user ID code are stored by the provider as usemames or username/password combinations. The user then uses an appropriate usemame or username/password combination to access the secure web site. The user may be charged for access to the secure web site by use of the user telephone during the exchange of ID codes. The telephone operator may then pass the revenue from the use of the telephone onto the provider. The present invention further provides a system comprising a server and first and second communication media arranged to perform one or more of the methods outlined above and described herein. The invention thus reduces fraudulent access to the provider web site by linking the payment for access directly to the user. Possibly the telephone operator, be it mobile or landline, provides the name of the telephone owner so the payment can be linked with the user's name.
Brief description of the drawings
In order that the present invention be more readily understood embodiments thereof will now be described by way of example only and with reference to the accompanying drawings in which: Figure 1.1 shows the request by a user for access to a secure web site in an embodiment of the present invention Figure 1.2 shows the supply of a server ID code to the user by the server in an embodiment of the present invention Figure 1.3 shows the supply of the server ID code to the server by SMS message from the user in an embodiment of the present invention Figure 1. 4 shows the supply of the server code and user telephone number as a username/password combination to the server from the user in order that the user might access the secure web site. Figure 2 shows arrangement of the system in the preferred embodiment of the present invention.
Detailed description of the preferred embodiments of the present invention
The present invention provides a system and method for allowing a user to access secure web sites using a secure means of identification and payment. The method sets up a user data record following the exchange of information between a user and a server. The server provides the user with at least one server ID code via a first communication medium and the user provides the server with at least one user ID code via a second communication medium. The user then uses at least one ID code stored in said user data record to access a secure web site. Referring now to the drawings, Figure 2 shows a system on which the method which is the subject of the present invention may be implemented. The system comprises user terminals 1 , for example personal computers, connected to the Internet 3 or other such remote network. Also connected to the Internet are web servers 2 which each provide web site services or similar information or application based content. Also shown is a central access control server 4 to which the web servers are connected either directly or via the Internet.
In a first embodiment, when a user wishes to gain access to a web site which utilises the access control method of the present invention the user is asked to input their PIN in order that he/she might gain access to the desired web site.
The user will only have a PIN if they have used the system before and set up an account. If the user has not used the system previously, they will be given the option to set up a new account. A new user account is set up as follows. Firstly the user will be invited to send an S M S text message, to a central access control server telephone number The user will be requested to provide in the text message a user generated PIN and the telephone number of the mobile from which they are textmg The user telephone number may be provided in the text header (m which case the is no need for the user to specifically include it) When the central access control server receives such a text message it first checks to see if there is an account already set up with that telephone number and if not, generates a new account associated with the user and containing the user telephone number and PIN If an account already exists the user will be informed by return text message When the account is set up it will be credited with a predetermined amount of credit
Once the user has set up an account, they can return to the log-on page and enter the just generated PIN Once the account is set up, further credit is added to it by the sending of further text messages from the user telephone. Such text messages need only contam the user's telephone number. Therefore, the user may access websites when they please so long as there is credit on account
The amount of credit on account then dictates how much access is available to the user. For example, 1 unit of credit may permit one log on to a website. That unit of credit expires whenever the user logs out, however long the user is logged-on Alternatively, the amount of time the user is allowed to browse a web site is directly linked to credit.
If a user attempts to log on to the system with no credit on account they will be informed by the central access control server of this fact. The user may be informed via the website itself or alternatively by text message Alternatively, regardless of whether or not the user is trying to log on, the system may send a text message to the user when credit runs low or out
The central access control server generates revenue by utilising a premium rate telephone number which the users send their texts to The central access control server receives a cut of the cost of sending the text from the telephone network operators.
The system may also provide an additional level of security as follows. When a user logs on to the system, instead of being allowed to access the desired website immediately, the central access control server sends a text message to the user telephone containing an access code. The user will be prompted to enter the code into the log on page. If the code is correct the user will be allowed access to the desired web site.
This code provides an additional level of security. In the event that an unauthorised third party gains knowledge of the user telephone number and PIN, the third party would not be able to access the web site as there would be no way for them to access the access code. Additionally, should a user receive an access code when not trying to logon to a website, they would know that an unauthorised third party was trying to gain access to using their account. The user could then change their PIN.
In a second embodiment, when a user attempts to access information on a secure provider web site the user may be informed that the web site is secure and that the web site can only be accessed using a usemame or username/password combination that is to be generated according to a method that is an alternative embodiment of the present invention. The server on which the secure web site to which access is desired is located informs the user that in order to access the web site at least a server ID code and a user ID code must be exchanged between the server and the user. Preferably the first server ID code is a telephone number of the server, which may be individual to the site concerned or type of access required or a combination of both. Preferably the first user ID code is the telephone number of the user's telephone. Preferably the server provides the user with the server telephone number by displaying the server telephone number on the relevant web site. The user then provides the server with the user telephone number using the user telephone. In one embodiment the user provides the server with the user telephone number by making a telephone call to the server telephone number using the user telephone. In this case, preferably the server obtains the user telephone number from the telephone call using a system such as Caller Line Identification (CLI). Alternatively the user telephone may be a mobile telephone. In this case, the user provides the server with the user telephone number by sending a text message to the server telephone number using the user telephone. Preferably the server obtains the user telephone number from the text message, within which the user telephone number is stored. In either case the server stores the user telephone number. Preferably the user telephone number is stored with information regarding which server telephone number the user used in the case where there is more than one server telephone number. The server also has information regarding which server telephone numbers relate to which web sites and what types of access pre-stored. The server therefore knows which web sites the user is able to access and for how long, with the user telephone number. The user telephone number is then the usemame for access to the relevant web site. The user can go to the web site and enter their telephone number as their usemame and gain access to the web site. Preferably a second server ID code is a server access code. The server access code is displayed on the web site with the first server ID code, the server telephone number, when the user first tries to access a secure web site. In this case the server access code may be fixed, randomly generated, individual to the site concerned or type of access required or specific to the user. There may be only one server telephone number, or a plurality of numbers may be provided relating to different levels of access, eg different areas of the site or different call rates. Preferably the user provides the server with the user telephone number and the server access code by making a telephone call to the server telephone number using the user telephone. The user telephone number is provided to the server in the same manner as described hereinbefore. Preferably the server access number is obtained by the server using an automatic telephone system. Such a system may answer the telephone call and request that the user inputs the server access code. Alternatively if no CLI or the like exists the automated system may also request that the user inputs the user telephone number as well as the server access code. Alternatively in the case when the user sends a text message to the server, the text message contains the server access code as the text. Therefore the server is able to obtain the server access code form the text message as well as the user telephone number. Preferably the server stores the server access code and the user telephone number as a username/password combination. In the case where there is more than one web site the server stores information regarding which access codes relate to which web sites and what types of access. The server therefore knows which web sites the user is allowed access to and the nature of that access. The user can then go to the relevant web site and enter the username/password combination and gain access to the web site. In an alternative embodiment of the present invention, the user first provides the server with the first user ID code, the user telephone number. Preferably this is achieved by the user entering the user telephone number into the server web site to which access is required. Preferably the server then provides the user with the second server ID code, the server access code, by sending the code to the user telephone number. Preferably the user telephone is a mobile telephone and the server sends the server access code to the user mobile telephone as the text in a text message. The server access code is then the usemame for access to the relevant web site. The user can then go to the relevant web site and enter the server access code as a usemame and gain access to the web site. Alternatively the server stores the user telephone number with the server access code as a username/password combination. When the user wishes to access the relevant web site, they must enter the user telephone number and server access code as a username/password combination. The type of access that a user is permitted to have may vary as suggested hereinbefore. For instance, a time limit on the amount of time for which the user may access the secure server web site may be provided. The time limit may begin when the user first logs onto the web site using the usemame or username/password combination. Alternatively the user may only be allowed to access the secure web site once and once logged out the user may not log in again. Alternatively the user may be allowed to access the web site more than once with no time limit up to a predefined number of logins. The user is charged for access to the web site through the user's telephone operator. In the case of the telephone being a mobile phone and the access code being sent by text message, the mobile phone operator charges the user for sending the text message to the server. The server then receives payment from the mobile phone operator. In the case where the access code is provided to the server by telephone, the number of the server could be a premium rate number from which the server receives payment from the telephone operator for each call that is made. In the case where the server sends the user a text message the user may be charged using reverse charge text messaging. The invention therefore enables simple chargeable access to secure web sites using communication means separate from the Internet to identify and charge users. This can be achieved as set out above, and other variations are possible without departing from the scope of the invention. For instance, the user ID code need not be the user telephone number, if a separate identification is created during the telephone communication with the server.

Claims

Claims:
1. A method of securely receiving user identification information at a server, comprising the steps of: exchanging, in response to a user request received from a user via a first communication medium, at least one user ID code and at least one server ID code between the user and the server at least partially using a second communication medium separate to the first; and generating, on said server, on completion of said exchange, a user data record associated with said user.
2. The method of claim 1 wherein said first communication medium comprises the Internet.
3. The method of claim 1 or 2 wherein said user request is a request to set up a user account.
4. The method of claim 3 wherein said request to set up a user data record is made via a web page associated with said server.
5. The method of claim 1 , 2, 3 or 4 wherein said second communication medium comprises a telephone network.
6. The method of claim 5 wherein said at least one server ID code comprises a server telephone number.
7. The method of claim 6 wherein said step of exchanging includes the sub- step of displaying, on a web page, said server telephone number.
8. The method of claim 5, 6 or 7 wherein said at least one user ID code comprises a user telephone number.
9. The method of claim 8 wherein said at least one user ID code further comprises a user identification number.
10. The method of claim 9 wherein the user identification number is generated by the user.
11. The method of claim 8, 9 or 10 wherein said user telephone is a mobile telephone.
12. The method of claim 8, 9, 10 or 1 1 wherein said step of exchanging includes the sub-step of receiving the user ID code from a user telephone communicating with the server using the server telephone number via said telephone network.
13. The method of claim 12 wherein said user ID code is received from a telephone call from the user telephone to the server telephone number.
14. The method of claim 13 wherein said user telephone number is received from the telephone using Caller Line Identification.
15. The method of claim 13 wherein said user ID code is received from the telephone call using an automated system which requires the user to enter into the user telephone keypad the user ID code during the telephone call to the server.
16. The method of claim 11 wherein said user ID code is received from a text message sent from said user mobile telephone to said server telephone number.
17. The method of claim 16 wherein said user ID code is written in the text portion of the text message by the user.
18. The method of claim 16 wherein said user telephone number is contained in a header portion of the text message.
19. The method of any of any preceding claim further comprising the steps of: receiving a code from a user at a secure web site associated with said server via the first communication medium; and permitting access to said secure web site if said received code matches at least one of said at least one user ID codes and at least one condition relating to information stored in said user data record is satisfied.
20. The method of claim 19 wherein said information stored in said user data record is credit information representing an amount credit associated with the user.
21. The method of claim 20 wherein said at least one condition comprises a condition that said amount of credit is not less than a predetermined threshold.
22. The method of claim 20 or 21 wherein said amount of credit in said user data record reduces each time the user is permitted access to said secure web site.
23. The method of any preceding claims further comprising the steps of: receiving a code from a user at said server via said second communication medium; and altering information in said user data record associated with said user, if said received code matches at least one of said at least one user ID codes.
24. The method of claim 23 wherein said code is received from a telephone call from a user telephone to a server telephone number via a telephone network.
25. The method of claim 24 wherein said code is a user telephone number and is received from the telephone call using Caller Line Identification.
26. The method of claim 24 wherein said code is a user telephone number and is received from the telephone call using an automated system which requires the user to enter into the user telephone keypad the user telephone number during the telephone call to the server.
27. The method of claim 23 wherein said code is received from a text message sent from a user mobile telephone to a server telephone number.
28. The method of claim 27 wherein said code is written in the text portion of the text message by the user.
29. The method of claim 27 wherein the code is a user telephone number and is contained in a header portion of the text message.
30. The method of any of claims 23 to 29 wherein said information is information representing an amount of credit associated with the user.
31. The method of claim 30 wherein the amount of credit associated with the user increases each time a code is received via said second communication medium.
32. The method of claim 1 being a method of accessing a secure web page, wherein said request is a request to access said secure web page; and said method further comprising: receiving at least one of said ID codes from said user at said secure web page using the first communication medium, permitting access to said secure web page if said received ID code matches said at least one user ID codes.
33. The method of claim 32 wherein said second communication medium used to request access to the secure web page is the telephone network.
34. The method of claim 33 wherein a first server ID code is a server telephone number.
35. The method of claims 33 or 34, wherein a first user ID code is a user telephone number.
36. The method of claims 34 or 35, wherein said step of exchanging includes a sub-step of displaying the server telephone number on the secure web page.
37. The method of claims 35 or 36, wherein said step of exchanging includes and a sub-step of receiving the user telephone number, using a user telephone to communicate with the server using the server telephone number so as to send the user telephone number to the server.
38. The method of claim 37 wherein said user telephone number is received from a telephone call from the user telephone to the server telephone number.
39. The method of claim 38 wherein said user telephone number is received from the telephone call using Caller Line Identification.
40. The method of claim 38 wherein said user telephone number is received from the telephone call using an automated system which requires the user to enter into the user telephone keypad the user telephone number during the telephone call the server.
41. The method of claim 37 wherein said user telephone is a mobile telephone.
42. The method of claim 41 wherein said user telephone number is received from a text message sent from said user mobile phone to said server telephone number; wherein said server is able to obtain from said text message the user telephone number.
43. The method of claims 35 to 42 further comprising the step of storing said user telephone number as a usemame for access to the secure web page.
44. The method of claim 43 wherein said communication medium used to access the secure web page is the Internet.
45. The method of claim 44 wherein said step of receiving at least one ID code is a step of receiving the user telephone number.
46. The method of claim 45 wherein the user is permitted access if the received user telephone number matches the stored user telephone number.
PCT/GB2004/000489 2004-02-10 2004-02-10 Improved secure web site access method and system WO2005081489A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/GB2004/000489 WO2005081489A1 (en) 2004-02-10 2004-02-10 Improved secure web site access method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/GB2004/000489 WO2005081489A1 (en) 2004-02-10 2004-02-10 Improved secure web site access method and system

Publications (1)

Publication Number Publication Date
WO2005081489A1 true WO2005081489A1 (en) 2005-09-01

Family

ID=34878538

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2004/000489 WO2005081489A1 (en) 2004-02-10 2004-02-10 Improved secure web site access method and system

Country Status (1)

Country Link
WO (1) WO2005081489A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1770589A1 (en) * 2005-09-29 2007-04-04 Research In Motion Limited System and method for registering entities for code signing services
US7797545B2 (en) 2005-09-29 2010-09-14 Research In Motion Limited System and method for registering entities for code signing services
US9077524B2 (en) 2005-09-29 2015-07-07 Blackberry Limited System and method for providing an indication of randomness quality of random number data generated by a random data service

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2371665A (en) * 2001-01-25 2002-07-31 Lets Guard It Europ Ab Call-back function provides a user with an authorisation code for accessing a service
GB2379040A (en) * 2001-08-22 2003-02-26 Int Computers Ltd Controlling user access to a remote service by sending a one-time password to a portable device after normal login

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2371665A (en) * 2001-01-25 2002-07-31 Lets Guard It Europ Ab Call-back function provides a user with an authorisation code for accessing a service
GB2379040A (en) * 2001-08-22 2003-02-26 Int Computers Ltd Controlling user access to a remote service by sending a one-time password to a portable device after normal login

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
9 January 2004 (2004-01-09), XP002305132, Retrieved from the Internet <URL:http://web.archive.org/web/20040109205944/http://www.smskambi.com/en/faq.jsp> [retrieved on 20041111] *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1770589A1 (en) * 2005-09-29 2007-04-04 Research In Motion Limited System and method for registering entities for code signing services
US7797545B2 (en) 2005-09-29 2010-09-14 Research In Motion Limited System and method for registering entities for code signing services
US8452970B2 (en) 2005-09-29 2013-05-28 Research In Motion Limited System and method for code signing
US9077524B2 (en) 2005-09-29 2015-07-07 Blackberry Limited System and method for providing an indication of randomness quality of random number data generated by a random data service

Similar Documents

Publication Publication Date Title
GB2391646A (en) Secure web page authenication method using a telephone number or SMS message
US7788151B2 (en) Systems and methods for accessing a secure electronic environment with a mobile device
RU2332807C2 (en) Method of quick registration for authentication of user and payment performance using two different communication channels and system therefor
US8260862B2 (en) System and method for authenticating users of online services
RU2401455C2 (en) Electronic system for rendering bank services
US7287270B2 (en) User authentication method in network
DK1755062T3 (en) Methods and systems for secure user authentication
US20100146259A1 (en) Multi factor authorisations utilising a closed loop information management system
US20030051164A1 (en) System and method for authentication of network users with preprocessing generating a verified personal profile for use on a publicly accessed global networked computer system and a system and method for producing the exchange of such secure identification
US20050165680A1 (en) System and method of registering a vendor with a subscriber account within an electronic bill payment system
US20100063906A1 (en) Systems and methods for authentication of a virtual stored value card
US20010056487A1 (en) Method and system for authenticating identity on internet
US20060031899A1 (en) Methods for augmenting subscription services with pay-per-use services
CN101675616A (en) methods and systems for delivering sponsored out-of-band passwords
US20060242038A1 (en) Method for charging costs of enjoying contents transmitted over a telecommunications network, preferably by the internet network, and related system
KR20140058427A (en) Virtual piggybank having quick connect
CN106878244B (en) Authenticity certification information providing method and device
US20070250450A1 (en) System and method for conducting mobile transactions
WO2015008075A1 (en) Providing a new user with access to an account
WO2005081489A1 (en) Improved secure web site access method and system
Otor et al. An improved security model for nigerian unstructured supplementary services data mobile banking platform
US20030191691A1 (en) Computer system for forming a database
CA2349306C (en) Method of and apparatus for executing automated transactions
KR100822939B1 (en) System and Method for Providing Unfaced Channel User Interface by Using Nickname and Recording Medium
KR102447781B1 (en) System for operating study cafe and method thereof

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase