WO2006134434A1 - A method of authenticating a message transmitted on a communications network and a system therefor - Google Patents

Publication number
WO2006134434A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
intended recipient
message
communications network
method according
Application number
PCT/IB2006/001327
Inventor
Eugene Francois Smith
Hemmanth Singh
Horatio Huxham
Steven James Truscott
Original Assignee
Mtn Mobile Money Sa (Pty) Ltd
Priority to ZA2005/04807
Priority to ZA200504807
Application filed by Mtn Mobile Money Sa (Pty) Ltd
Priority claimed from AP200704286A
Publication of WO2006134434A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/10 Integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages
    • H04L51/12 Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages with filtering and selective blocking capabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/005 Context aware security
    • H04W12/0051 Identity aware
    • H04W12/00514 Subscriber identity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Abstract

A method of authenticating a message transmitted on a communications network and a system therefor. The method includes storing at least one code in a memory, wherein the at least one code is associated with an intended recipient of a message and wherein the at least one code is known to the intended recipient. Identifying the intended recipient of a message and extracting from the memory the at least one code associated with the intended recipient. The at least one code is then transmitted to the intended recipient which at least one code can be used by the intended recipient to authenticate the message.

Description

A METHOD OF AUTHENTICATING A MESSAGE TRANSMITTED ON A COMMUNICATIONS NETWORK AND A SYSTEM THEREFOR

BACKGROUND OF THE INVENTION

THIS invention relates to a method of authenticating a message transmitted on a communications network and a system therefor.

When an intended recipient receives, via a communications device, a message such as a Short Message Service (SMS) message they are not always able to ascertain if the SMS originates from an authentic source or not.

For example, they may not know the full number of the sender of the SMS. Alternatively, a fraudster may send a fraudulent SMS notification and "spoof" the number so that it looks like a valid number.

This poses particular difficulty where the SMS is a notification of a transaction such as a financial transaction.

The present invention seeks to address this.

SUMMARY OF THE INVENTION

According to an example embodiment there is provided a method of authenticating a message transmitted on a communications network, the method including:

storing at least one code in a memory, wherein the at least one code is associated with an intended recipient of a message and wherein the at least one code is known to the intended recipient;

identifying the intended recipient of a message;

extracting from the memory the at least one code associated with the intended recipient; and

transmitting the at least one code to the intended recipient which at least one code can be used by the intended recipient to authenticate the message.

Preferably, a plurality of codes are stored in a memory wherein each of the codes is associated with an intended recipient.

The code may be transmitted to the intended recipient via the communications network.

In one embodiment, the at least one code is transmitted together with a message which is to be authenticated.

The at least one code may be a random and unique code generated for the intended recipient.

Alternatively, the at least one code may be received from the recipient. The at least one code may be an alphanumeric code.

The network may be a mobile communications network.

The message may be a Short Message Service (SMS), Multi-media Message Service (MMS) message or any other type of message transmitted over a mobile communications network.

According to another example embodiment there is provided a system for authenticating a message transmitted on a communications network, the system including:

a memory for storing at least one code, wherein the at least one code is associated with an intended recipient of a message and wherein the at least one code is known to the intended recipient; and

at least one processor for:

identifying the intended recipient of a message;

extracting from the memory the at least one code associated with the intended recipient; and

transmitting the at least one code to the intended recipient which at least one code can be used by the intended recipient to authenticate the message.

A plurality of codes may be stored in the memory and wherein each of the codes is associated with an intended recipient.

The at least one processor may transmit the code to the intended recipient via the communications network. The at least one processor may transmit the at least one code together with a message which is to be authenticated.

The at least one code may be a random and unique code generated for the intended recipient.

The at least one code may be received from the recipient.

The at least one code may be an alphanumeric code.

The network is typically a mobile communications network.

In this case, the message may be a Short Message Service (SMS), Multimedia Message Service (MMS) message or any other type of message transmitted over a mobile communications network.

The at least one processor may identify the intended recipient by identifying a mobile communications device of the intended recipient.

The mobile communications device of the intended recipient may be identified using the Mobile Station Integrated Services Digital Network (MSISDN) of the device.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 shows an example of a system within which the present invention could be implemented; and

Figure 2 is a flowchart illustrating the steps of the present invention.

DESCRIPTION OF PREFERRED EMBODIMENTS

Referring to Figure 1, messages are sent to a communications device 10 over a communications network 12.

In the illustrated example embodiment, the communications network is a mobile communications network and the communications device 10 is a mobile telephone.

However, it will be appreciated that while the communication device 10 is illustrated as a mobile telephone, this device could be any other communication device which is able to communicate via the mobile communication network. Some examples of such devices are personal digital assistants (PDA's) and computers.

Messages are typically sent over the communications network 12 using a Short Message Service (SMS) protocol. However, other protocols may be used such as Multimedia Message Service (MMS), for example.

The sending and receiving of messages is controlled by a Short Message Service Centre (SMSC) 14.

It will be appreciated that when an intended recipient receives, via communications device 10, an SMS, they are not always able to ascertain if the SMS originates from an authentic source or not.

For example, they may not know the full number of the sender of the SMS. Alternatively, a fraudster may send a fraudulent SMS notification and "spoof" the number so that it looks like a valid number.

This poses particular difficulty where the SMS is a notification of a transaction such as a financial transaction.

In one example embodiment a server 18, typically a server of a financial institution, is connected to the SMSC 14 via another network 16. The server 18 has an associated memory 20 typically in the form of a database.

At least one code is stored in the database 20 where the at least one code is associated with an intended recipient of a message and wherein the at least one code is known to the intended recipient.

Preferably, a plurality of codes are stored in the database 20 wherein each of the codes is associated with an intended recipient.

The code may be a random and unique code generated for the intended recipient by the server 18 and transmitted to the intended recipient over the communications network 12.

Alternatively, the code may be received from the recipient via the communications network 12 and stored in the database 20.

The code will typically be an alphanumeric code.

In order to authenticate a message transmitted to an intended recipient, the intended recipient of the message is identified using an identification of the mobile device of the intended recipient such as the Mobile Station Integrated Services Digital Network (MSISDN) of the intended recipient.

The database 20 is then accessed and the code associated with the intended recipient is extracted.

This code is then transmitted, typically over the communications network 12, to the intended recipient who can then use the code to authenticate the message.

In one embodiment, the code is transmitted together with the message which is to be authenticated. It will be appreciated that the method of authentication could be used in various applications.

The application discussed above is with respect to a financial institution who wishes to send verification messages regarding transactions a user may have effected on an account with the financial institution.

Thus, a user paying an account may receive a verification message that the payment has been successfully processed.

This verification message could be authenticated in the manner described above with the code being transmitted together with the message.

In another example application, a user of another communications device 22 who wishes to transmit a message to a user of the first communications device 10 may have the message authenticated.

In this embodiment, the message is received by the SMSC 14 which then communicates with the server 18 to identify the message recipient and to attach the code from the database to the message sent to the intended recipient.

It will be appreciated that the methodology described above is implemented by the server including at least one processor to implement the various steps. Although the illustrated embodiment shows a single server, it should also be appreciated that there could be a plurality of processors spread across a plurality of servers in order to implement the methodologies.

Executing on the at least one processor is typically machine-readable medium on which is stored one or more sets of instructions (e.g., software) embodying any one or more of the methodologies or functions described herein. The software may also reside, completely or at least partially, within a main memory of the server and/or within a processor during execution thereof by the computer system.

While the machine-readable medium is typically a single medium, the term "machine-readable medium" should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term "machine-readable medium" shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by the machine and that cause the machine to perform any one or more of the methodologies. The term "machine-readable medium" shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic media, and carrier wave signals.

It will be further appreciated that although the present invention has been described with servers 14 and 18 operating remotely from one another, the present invention can also be implemented directly on server 14 with a separate module which is used to execute the authentication functions.
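The flow described above (store a code per recipient, identify the recipient by MSISDN, extract the code, send it with the message) can be shown end to end in a short added example; this is illustrative Python, not code from the patent or its applicant. The `[AUTH:...]` tag format, the 8-character code length, the MSISDN normalisation and all function names are assumptions, and the phone numbers are constructed.

```python
import hmac
import re
import secrets
import string

CODE_ALPHABET = string.ascii_uppercase + string.digits   # alphanumeric code
CODE_LENGTH = 8                    # assumed; the description fixes no length
TAG = re.compile(r"\[AUTH:([A-Za-z0-9]+)\]\s*$")          # assumed wire format


def normalize_msisdn(raw: str) -> str:
    """Reduce '+27 83 555 0100' or '0027835550100' to one digits-only key."""
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("00"):       # international dialling prefix
        digits = digits[2:]
    if not 8 <= len(digits) <= 15:
        raise ValueError("not a plausible MSISDN")
    return digits


class CodeStore:
    """Stands in for database 20: one code per intended recipient."""

    def __init__(self):
        self._codes = {}

    def enroll_generated(self, msisdn: str) -> str:
        """Server-generated variant: random code, unique across recipients."""
        key = normalize_msisdn(msisdn)
        while True:
            code = "".join(secrets.choice(CODE_ALPHABET)
                           for _ in range(CODE_LENGTH))
            if code not in self._codes.values():
                break
        self._codes[key] = code
        return code            # delivered to the recipient at enrolment

    def enroll_chosen(self, msisdn: str, code: str) -> None:
        """Recipient-supplied variant: accept only an alphanumeric code."""
        if not re.fullmatch(r"[A-Za-z0-9]+", code):
            raise ValueError("code must be alphanumeric")
        self._codes[normalize_msisdn(msisdn)] = code

    def lookup(self, msisdn: str):
        return self._codes.get(normalize_msisdn(msisdn))


def build_message(store: CodeStore, msisdn: str, text: str) -> str:
    """Server 18: identify the recipient, extract the code, attach it."""
    code = store.lookup(msisdn)
    if code is None:
        # Fail closed: never send a notification the recipient cannot check.
        raise LookupError("no code enrolled for this recipient")
    return f"{text} [AUTH:{code}]"


def recipient_accepts(message: str, known_code: str) -> bool:
    """Recipient side: accept only if the trailing tag carries their code."""
    match = TAG.search(message)
    if match is None:
        return False
    return hmac.compare_digest(match.group(1).encode(), known_code.encode())


def demo() -> dict:
    store = CodeStore()
    code = store.enroll_generated("+27 83 555 0100")     # constructed number
    genuine = build_message(store, "0027835550100", "Payment of R150.00 processed.")
    return {
        "genuine": recipient_accepts(genuine, code),
        "no_code": recipient_accepts("Payment of R150.00 processed.", code),
        "wrong_code": recipient_accepts("Payment processed. [AUTH:WRONG]", code),
    }


if __name__ == "__main__":
    print(demo())
```

Because the same code accompanies every message in the clear, this check only distinguishes the genuine sender from one who has never seen a genuine message to that recipient.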

Claims

1. A method of authenticating a message transmitted on a communications network, the method including:
storing at least one code in a memory, wherein the at least one code is associated with an intended recipient of a message and wherein the at least one code is known to the intended recipient;
identifying the intended recipient of a message;
extracting from the memory the at least one code associated with the intended recipient; and
transmitting the at least one code to the intended recipient which at least one code can be used by the intended recipient to authenticate the message.
2. A method according to claim 1 wherein a plurality of codes are stored in a memory wherein each of the codes is associated with an intended recipient.
3. A method according to claim 1 or claim 2 wherein the at least one code is transmitted to the intended recipient via the communications network.
4. A method according to claim 3 wherein the at least one code is transmitted together with a message which is to be authenticated.
5. A method according to any preceding claim wherein the at least one code is a random and unique code generated for the intended recipient.
6. A method according to any one of claims 1 to 4 wherein the at least one code is received from the recipient.
7. A method according to any preceding claim wherein the at least one code is an alphanumeric code.
8. A method according to any preceding claim wherein the network is a mobile communications network.
9. A method according to claim 8 wherein the message is a Short Message Service (SMS), Multi-media Message Service (MMS) message or any other type of message transmitted over a mobile communications network.
10. A method according to any preceding claim wherein the intended recipient is identified by identifying a mobile communications device of the intended recipient.
11. A method according to claim 10 wherein the mobile communications device of the intended recipient is identified using the Mobile Station Integrated Services Digital Network (MSISDN) of the device.
12. A system for authenticating a message transmitted on a communications network, the system including:
a memory for storing at least one code, wherein the at least one code is associated with an intended recipient of a message and wherein the at least one code is known to the intended recipient; and
at least one processor for:
identifying the intended recipient of a message;
extracting from the memory the at least one code associated with the intended recipient; and
transmitting the at least one code to the intended recipient which at least one code can be used by the intended recipient to authenticate the message.
13. A system according to claim 12 wherein a plurality of codes are stored in the memory and wherein each of the codes is associated with an intended recipient.
14. A system according to claim 12 or claim 13 wherein the at least one processor transmits the code to the intended recipient via the communications network.
15. A system according to claim 14 wherein the at least one processor transmits the at least one code together with a message which is to be authenticated.
16. A system according to any one of claims 12 to 15 wherein the at least one code is a random and unique code generated for the intended recipient.
17. A system according to any one of claims 12 to 15 wherein the at least one code is received from the recipient.
18. A system according to any one of claims 12 to 17 wherein the at least one code is an alphanumeric code.
19. A system according to any one of claims 12 to 18 wherein the network is a mobile communications network.
20. A system according to any one of claims 12 to 19 wherein the message is a Short Message Service (SMS), Multi-media Message Service (MMS) message or any other type of message transmitted over a mobile communications network.
21. A system according to any one of claims 12 to 20 wherein the at least one processor identifies the intended recipient by identifying a mobile communications device of the intended recipient.
22. A system according to claim 21 wherein the mobile communications device of the intended recipient is identified using the Mobile Station Integrated Services Digital Network (MSISDN) of the device.
PCT/IB2006/001327 2005-06-13 2006-05-22 A method of authenticating a message transmitted on a communications network and a system therefor WO2006134434A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
ZA2005/04807 2005-06-13
ZA200504807 2005-06-13

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AP200704286A AP200704286A0 (en) 2006-05-22 2006-05-22 A method of authentcating a message transimitted on a communications network and system therefor

Publications (1)

Publication Number Publication Date
WO2006134434A1 true WO2006134434A1 (en) 2006-12-21

Family

ID=36778168

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/001327 WO2006134434A1 (en) 2005-06-13 2006-05-22 A method of authenticating a message transmitted on a communications network and a system therefor

Country Status (2)

Country Link
WO (1) WO2006134434A1 (en)
ZA (1) ZA200710375B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8532850B2 (en) 2009-03-17 2013-09-10 General Electric Company System and method for communicating data in locomotive consist or other vehicle consist
US8583299B2 (en) 2009-03-17 2013-11-12 General Electric Company System and method for communicating data in a train having one or more locomotive consists
US8655517B2 (en) 2010-05-19 2014-02-18 General Electric Company Communication system and method for a rail vehicle consist
US8702043B2 (en) 2010-09-28 2014-04-22 General Electric Company Rail vehicle control communication system and method for communicating with a rail vehicle
US8798821B2 (en) 2009-03-17 2014-08-05 General Electric Company System and method for communicating data in a locomotive consist or other vehicle consist
US8825239B2 (en) 2010-05-19 2014-09-02 General Electric Company Communication system and method for a rail vehicle consist
US8914170B2 (en) 2011-12-07 2014-12-16 General Electric Company System and method for communicating data in a vehicle system
US8935022B2 (en) 2009-03-17 2015-01-13 General Electric Company Data communication system and method
US9379775B2 (en) 2009-03-17 2016-06-28 General Electric Company Data communication system and method
US9513630B2 (en) 2010-11-17 2016-12-06 General Electric Company Methods and systems for data communications
US9637147B2 (en) 2009-03-17 2017-05-02 General Electronic Company Data communication system and method
US10144440B2 (en) 2010-11-17 2018-12-04 General Electric Company Methods and systems for data communications

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040088390A1 (en) * 2002-11-05 2004-05-06 Microsoft Method and levels of ping notification
US20040170158A1 (en) * 2002-12-16 2004-09-02 Gemini Mobile Technologies, Inc. Stateless message routing

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JOSHUA GOODMAN: "IP Addresses in Email Clients", PROCEEDINGS OF THE FIRST CONFERENCE ON EMAIL AND ANTI-SPAM (CEAS) 2004, 30 July 2004 (2004-07-30) - 31 July 2004 (2004-07-31), Mountain View, CA, XP002395033, Retrieved from the Internet <URL:http://www.ceas.cc/papers-2004/162.pdf> [retrieved on 20060816] *
MOBILE PAYMENT FORUM: "Risks and Threats Analysis and Security Best Practices - Mobile 2-Way Messaging Systems - Version 1.0", MOBILE PAYMENT FORUM, 13 May 2003 (2003-05-13), XP002395034, Retrieved from the Internet <URL:http://www.mobilepaymentforum.org/info/mpf_docs/MPF_Security_Best_Practices.pdf> [retrieved on 20060816] *

Also Published As

Publication number Publication date
ZA200710375B (en) 2009-03-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06744738

Country of ref document: EP

Kind code of ref document: A1