WO2007010081A2 - Procede et systeme permettant d'utiliser des services dans un reseau de telecommunication - Google Patents

Procede et systeme permettant d'utiliser des services dans un reseau de telecommunication Download PDF

Info

Publication number
WO2007010081A2
WO2007010081A2 PCT/FI2006/000249 FI2006000249W WO2007010081A2 WO 2007010081 A2 WO2007010081 A2 WO 2007010081A2 FI 2006000249 W FI2006000249 W FI 2006000249W WO 2007010081 A2 WO2007010081 A2 WO 2007010081A2
Authority
WO
WIPO (PCT)
Prior art keywords
codes
payment
mobile terminal
service
program
Prior art date
Application number
PCT/FI2006/000249
Other languages
English (en)
Other versions
WO2007010081A3 (fr
Inventor
Vesa Juvonen
Original Assignee
Vesa Juvonen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vesa Juvonen filed Critical Vesa Juvonen
Publication of WO2007010081A2 publication Critical patent/WO2007010081A2/fr
Publication of WO2007010081A3 publication Critical patent/WO2007010081A3/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355Personalisation of cards for use
    • G06Q20/3552Downloading or loading of personalisation data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4093Monitoring of device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the invention is concerned with a method and system for using services in a telecommunication network, which comprises a mobile terminal and a service provider, between which there is a secured connection for service created.
  • the invention is especially intended for a service to be used in a payment session.
  • bank security identifiers and use keys with which the bank client has access to his own bank account via an Internet, telephone or other such connection. It is also known that the bank client gets this personal information printed on paper for example by fetching them or delivered home by mail. As the identifiers and keys delivered are numeral information in a known way and partly changing and for one-time use, the client of the bank has to keep the papers with him always when the bank services are needed.
  • the object of this invention has been to develop a solution which enables a more practical and secure method to handle bank services than in prior art.
  • services are used in a telecommunication network, which comprises a mobile terminal and a service provider, between which there is a secured connection for the service created.
  • the service program that performs the service is activated, the service provider sends the codes needed to use the service to the mobile terminal and the mobile terminal saves the codes.
  • the mobile terminal belonging to the system of the invention has a program to use the service for payment sessions.
  • the codes needed to use the service can be received with the program through a secure connection and thereafter saved.
  • the service provider has a program with which the codes needed can be sent to the mobile terminal in order to use the service through said secure connection.
  • a service program working in a mobile terminal for example in a mobile phone, which saves the bank identifiers of the owner of the terminal and the use keys in a secure form, and a bank program, with which the terminal is in contact. New and updated bank identifiers and use keys can be sent to the terminal from the program.
  • the system of the invention thus comprises a service program in the mobile device and a program in the data system of the bank, which communicate with each other via some encrypted protocol known in itself over a wireless radio network in such a way that only these parties understand the content of the information to be transferred. It is also important that the user of the mobile terminal is identified in a trusted and safe way. Both the program at the mobile device and the bank can be implemented to each bank ' s own way to use bank identifiers and use keys.
  • the program of the mobile device can handle the security identifiers of each bank and use keys in the way the bank has defined and present and use the one-time identifiers in the right running order and preferably also show the used identifiers and possibly the following identifiers in some way, for example with a lighter tone.
  • New identifiers can be sent in accordance with different practices, for example by requesting, by given intervals or when the program of the service provider notices that a given amount of codes have been used and new ones probably are needed.
  • the programs identify the user in a secure way and the bank client always has the security codes needed in his mobile device and the use keys in a safe way with a strong encryption known in itself in an encrypted security mode.
  • the user only has to remember one password chosen by himself with which he can access all information wanted at the same time. Even if the mobile device would be lost or stolen, the data can not be accessed in contrary to actual paper or plastic outprints that usually are carried in a wallet or in a corresponding way.
  • the data connection per radio is not bound in the mobile device to a given technique. Instead, the invention can be performed with the best actual technique a by the mobile device in order to form a transfer connection. It can be e.g. GSM data, GSM modem, GPRS, EDGE, 3G or any other technique supported by the mobile device.
  • Figure 1 presents an architectural view of an environment in which the invention can be implemented.
  • Figure 2 is a presents a signal diagram of a preferable embodiment of the invention.
  • FIG. 1 presents an example of a telecommunication network in which the invention can be implemented.
  • the telecommunication network of figure 1 comprises a mobile terminal 1 and a server 3 of a service provider having a connection to internet 2.
  • the mobile terminal can be mobile phone, a laptop, a so called communicator or other wireless device, preferable a portable device.
  • the service provider is for example a bank offering bank services for instance for payment sessions.
  • the secured connection is known in itself, for example a SSL connection.
  • SSL Secure Sockets Layer
  • SSL Secure Sockets Layer
  • S-HTTP Secure HTTP
  • SSL creates a secure connection between the client and the server
  • S-HTTP is designed to transfer individual messages in a secure way.
  • Both protocols are standards accepted by the organ Internet Engineering Task Force (IETF).
  • security protocol it is, however, not essential for the invention which security protocol is used. It can be any desired security or encryption method. For the time being, the primary practical secure connection has meant to be the SSL protocol.
  • the service provider in this case a bank, has a program with which payment sessions can be performed from a given account.
  • a password is needed to access the service.
  • a user ID and a user key are needed and possibly also a confirmation code.
  • the use of these passwords, user IDs and confirmation codes is individual for each bank and in practice they are used a little differently.
  • connection 6 has to be defined along which the service for this user and this account works.
  • PC personal computer
  • Another possible embodiment is such an embodiment, wherein the user himself performs the payment session from the mobile terminal 1 , either via the connection 4 or via another connection between some other mobile terminal and server 3.
  • Figure 2 presents a signal diagram of an advantageous embodiment of the invention.
  • the mobile terminal has a program with which codes necessary to use the service can be received via a secured connection between the mobile terminal and the service provider and thereafter they can be stored in the mobile terminal.
  • the service provider has a program with which codes needed to use the service can be sent with the mobile terminal through said secured connection.
  • the user has received the program in this mobile terminal from a bank or other distribution channel to be stored in the mobile terminal, for example in a mobile station, to which the connection between the mobile terminal and the server has been defined.
  • the user installs this program to his mobile terminal, such as to a mobile station.
  • the user wants to use the service for the first time, the user starts the service in step 1 in figure 1 and the program sends the request in step 2 to the service provider.
  • the bank has given the first identifiers to the user after the installation of the program which he stores in the program of the mobile device. Thereafter, the program can contact the system of the bank (which now is done in step 2) and open the service in a trusted way.
  • step 3 in figure 1 the program of the service provider sends the codes needed to use the service after having identified the user, i.e. the user ID and a key series and possibly also confirmation codes, if such codes are needed.
  • step 4 in figure 1 the program installed in the mobile terminal stores these codes automatically in the memory of the terminal.
  • the screen of the mobile terminal can in step 5 of figure 1 get a message of successful storing of the codes.
  • step 7 When the user wants to use the service for example for performing some payment, he inputs the password needed to open the service program in step 6 of figure 1 which, action opens the service (step 7).
  • the program now searches the user ID needed and other necessary codes (the key and possibly a confirmation code needed to perform the payment session) from the memory (or memory card) of the mobile terminal in step 9. These are sent to the screen of the user in step 10.
  • the user can now input the payment information, the user ID and the confirmation numbers in step 11 in the payment program working on the computer (step 12), which program sends the payment to the bank in step 13 in a previously known way.
  • this service program requests the bank to send new identifiers with requirements of another type.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Signal Processing (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Exchange Systems With Centralized Control (AREA)

Abstract

Selon le procédé de l'invention, des services sont utilisés dans un réseau de télécommunication, qui comprend un terminal mobile (1) et un fournisseur de services (3), entre lesquels est établie une connexion sécurisée pour le service créé. Le procédé de l'invention comprend les étapes suivantes dans lesquelles le programme de service qui exécute le service est activé, le fournisseur de services envoie les codes nécessaires pour l'utilisation du service au terminal mobile (1), et le terminal mobile (1) sauvegarde les codes. Le terminal mobile faisant partie du système de l'invention comprend un programme d'utilisation du service pour des sessions de paiement. Les codes nécessaires pour l'utilisation du service peuvent être reçus au moyen du programme par l'intermédiaire d'une connexion sécurisée et peuvent ensuite être sauvegardés. Le fournisseur de services (3) possède un programme qui permet d'envoyer les codes nécessaires au terminal mobile (1) pour l'utilisation du service par l'intermédiaire de ladite connexion sécurisée.
PCT/FI2006/000249 2005-07-21 2006-07-13 Procede et systeme permettant d'utiliser des services dans un reseau de telecommunication WO2007010081A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20050777 2005-07-21
FI20050777A FI20050777L (fi) 2005-07-21 2005-07-21 Menetelmä ja järjestelmä palvelujen käyttämiseksi tietoliikenneverkossa

Publications (2)

Publication Number Publication Date
WO2007010081A2 true WO2007010081A2 (fr) 2007-01-25
WO2007010081A3 WO2007010081A3 (fr) 2007-05-03

Family

ID=34803232

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2006/000249 WO2007010081A2 (fr) 2005-07-21 2006-07-13 Procede et systeme permettant d'utiliser des services dans un reseau de telecommunication

Country Status (2)

Country Link
FI (1) FI20050777L (fr)
WO (1) WO2007010081A2 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010007983A1 (en) * 1999-12-28 2001-07-12 Lee Jong-Ii Method and system for transaction of electronic money with a mobile communication unit as an electronic wallet
WO2002023303A2 (fr) * 2000-09-14 2002-03-21 Giesecke & Devrient Gmbh Procede destine a securiser une transaction sur un reseau informatique
DE10114237A1 (de) * 2001-03-22 2002-09-26 Cyberos Ges Fuer Sicherheitssy Verfahren und Vorrichtung zum Durchführen mindestens eines gegen Zahlung eines Entgelts abzuwickelnden Geschäftes
US20020165830A1 (en) * 2000-04-19 2002-11-07 Magic Axess Process and device for electronic payment
DE10315940A1 (de) * 2003-04-06 2004-11-04 Steffens, Sebastian, Dr. Endogenes PIN/TAN Verfahren im Online-Banking
EP1489535A1 (fr) * 2002-03-25 2004-12-22 Fujitsu Limited Systeme d'operation automatique en especes

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010007983A1 (en) * 1999-12-28 2001-07-12 Lee Jong-Ii Method and system for transaction of electronic money with a mobile communication unit as an electronic wallet
US20020165830A1 (en) * 2000-04-19 2002-11-07 Magic Axess Process and device for electronic payment
WO2002023303A2 (fr) * 2000-09-14 2002-03-21 Giesecke & Devrient Gmbh Procede destine a securiser une transaction sur un reseau informatique
DE10114237A1 (de) * 2001-03-22 2002-09-26 Cyberos Ges Fuer Sicherheitssy Verfahren und Vorrichtung zum Durchführen mindestens eines gegen Zahlung eines Entgelts abzuwickelnden Geschäftes
EP1489535A1 (fr) * 2002-03-25 2004-12-22 Fujitsu Limited Systeme d'operation automatique en especes
DE10315940A1 (de) * 2003-04-06 2004-11-04 Steffens, Sebastian, Dr. Endogenes PIN/TAN Verfahren im Online-Banking

Also Published As

Publication number Publication date
FI20050777L (fi) 2007-01-22
FI20050777A0 (fi) 2005-07-21
WO2007010081A3 (fr) 2007-05-03

Similar Documents

Publication Publication Date Title
US6895234B1 (en) Method and apparatus for accessing a common database from a mobile device and a computing device
EP1766847B1 (fr) Procede permettant de generer et de verifier une signature electronique
US6606663B1 (en) Method and apparatus for caching credentials in proxy servers for wireless user agents
US6742127B2 (en) Method and apparatus for maintaining security in a push server
CN101350717B (zh) 一种通过即时通信软件登录第三方服务器的方法及系统
CN1701295B (zh) 用于对计算机网格进行单次登录访问的方法和系统
JP4616352B2 (ja) ユーザ確認装置、方法及びプログラム
US7231371B1 (en) Method and system for ordering and delivering digital certificates
CN101448001B (zh) 一种实现wap手机银行交易安全控制的系统及方法
KR20010085380A (ko) 인터넷을 통해 행해진 상업형 트랜잭션을 방호하기 위해장치들을 연관시키는 방법 및 시스템
CN101025806A (zh) 一种用移动通信终端进行费用支付的身份认证方法
CN101242404A (zh) 一种基于异质网络的验证方法和系统
WO2003007538A1 (fr) Systeme, procede et model fonctionnel pour l'authentification et la non-repudiation des transactions dans un reseau mobile sans fil
CN106845986A (zh) 一种数字证书的签章方法及系统
JP2005513955A (ja) 電子署名方法
CA2451313A1 (fr) Systemes et methodes de controle d'acces a un reseau public de donnees a partir d'un fournisseur d'acces visite
JP2003202978A (ja) パーソナル電子機器から実行するセキュアプリント方法及びシステム
JP2002342285A (ja) 情報発行システム
JP2004525568A (ja) パーソナル・パーム・コンピュータからワールド・ワイド・ウェブ端末へのワイヤレス送信の暗号化のためのシステム
KR100848966B1 (ko) 공개키 기반의 무선단문메시지 보안 및 인증방법
KR20060117881A (ko) 휴대폰을 이용한 전자서명 수행 시스템 및 방법
EP1437024B1 (fr) Procede et dispositif pour reseau de telecommunications
WO2007010081A2 (fr) Procede et systeme permettant d'utiliser des services dans un reseau de telecommunication
JP2004524780A (ja) 小型デバイスにおける暗号署名
KR200375171Y1 (ko) 고유 아이피 주소를 사용자 인증 정보로 이용하는 무선통신 장치

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06764473

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 06764473

Country of ref document: EP

Kind code of ref document: A2