WO2007044882A2 - Systeme et procede d'autorisation de transactions - Google Patents

Systeme et procede d'autorisation de transactions Download PDF

Info

Publication number
WO2007044882A2
WO2007044882A2 PCT/US2006/040009 US2006040009W WO2007044882A2 WO 2007044882 A2 WO2007044882 A2 WO 2007044882A2 US 2006040009 W US2006040009 W US 2006040009W WO 2007044882 A2 WO2007044882 A2 WO 2007044882A2
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
entity
recited
source entity
communications channel
Prior art date
Application number
PCT/US2006/040009
Other languages
English (en)
Other versions
WO2007044882A3 (fr
Inventor
Philip Yuen
Chih-Jen Huang
Gerald Yuen
Original Assignee
Philip Yuen
Chih-Jen Huang
Gerald Yuen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/546,534 external-priority patent/US8447700B2/en
Priority claimed from US11/546,030 external-priority patent/US8352376B2/en
Application filed by Philip Yuen, Chih-Jen Huang, Gerald Yuen filed Critical Philip Yuen
Priority to CA2645044A priority Critical patent/CA2645044C/fr
Priority to EP06816831.9A priority patent/EP2074524B1/fr
Priority to EP14191937.3A priority patent/EP2858328B1/fr
Publication of WO2007044882A2 publication Critical patent/WO2007044882A2/fr
Publication of WO2007044882A3 publication Critical patent/WO2007044882A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • Figure 16 is a block diagram illustrating an exemplary embodiment of a computer system.
  • the transaction authorization service 100 may verify that the PIN or other identifier provided by the source entity 102 is valid, for example by checking the provided identifier against an identifier provided by the source entity during a registration process for the transaction authorization service. If the provided PIN or other identifier is not valid, then the transaction is not considered authorized by the transaction authorization service 100.
  • the authorization through the separate communications channel serves to securely verify that the transaction was initiated and is authorized by the source entity 102.
  • communications device 204 which is to be used to authorize transactions and for which a phone number was entered during the registration process, may also be used to initiate a transaction over a first communications channel.
  • transaction authorization service 100 may contact source entity 102, for example at a phone number specified by the source entity 102 during the registration process (Le., over the second communications channel as illustrated in Figure 3).
  • the phone number may, for example, be the number of a land-based phone, cell phone or other phone- capable device in the possession of source entity 102.
  • communications device 204 is a device (e.g., a mobile phone/cell phone or standard land-based telephone) to which is assigned the specified phone number.
  • entity 102 may enter a PIN number or other identification code on communications device 204 in response to the authorization request message received from transaction authorization service 100 on communications device 204 via the second communications channel. For example, if entity 102 has selected a PIN number of 3419, then entity 102 may enter the PIN number "3419" (in one embodiment, followed by a # sign) on the keypad of communications device 204.
  • entity 102 may enter a different code or command to cancel or deny the transaction if desired. Note that, in one embodiment, the PIN number or other identifier may need to be entered to verify the cancellation or denial.
  • the response of entity 102 is then communicated to transaction authorization service 100 via the second communications ' channel.
  • target entity 104 communicates with transaction authorization service 100 to communicate the transaction and initiate the actual funds transfer.
  • the communication may include, but is not limited to, information identifying the target entity 104, information identifying the source entity 102, and the amount to be transferred to target entity 104.
  • the communications may also include other information, such as information identifying a communications channel to be used to authorize the transaction with the source entity (e.g., a phone number).
  • the transaction authorization service 100 may verify that the PIN or other identifier provided by the source entity 102 is valid, for example by checking the provided identifier against an identifier provided by the source entity during a registration process for the transaction authorization service. If the provided PIN or other identifier is not valid, then the transaction is not considered authorized by the transaction authorization service 100.
  • alternative methods of contacting the source entity 102 to authorize a transaction may be used.
  • transaction authorization service 100 may contact source entity 102 via some other mechanism, for example by email, requesting authorization of the transaction.
  • Source entity 102 may then contact transaction authorization service 100 via the second communications channel and communications device to authorize (or deny) the transaction, in so doing providing the PIN number or other identification code via the communications device to authorize the transaction or cancel/deny the transaction.
  • transaction authorization service 100 may complete the transaction with target entity 104, for example by electronically transferring funds from the source entity's account to an account specified by target entity 104.
  • the target entity's account may be an account with the transaction authorization service 100 or, alternatively, an account with a different entity, such as a bank.
  • target entity 104 may not complete the transaction with source entity 102 (e.g., may not OK a purchase order for processing) until the transaction with transaction authorization service 100 is completed.
  • transaction authorization service 100 may communicate with target entity 104 to indicate the successful completion of the transaction.
  • the communications from transaction authorization service 100 to target entity 104 may include other information relevant to the source entity 102 and the transaction, such as a shipping address for source entity 102. If the transaction was not authorized by source entity 102, or the authorization was determined to be invalid by transaction authorization service 100, transaction authorization service 100 may communicate with target entity 104 to indicate that the transaction was not completed, and may include in the communication information describing the reason.
  • Target entity 104 may communicate with transaction authorization service 100 to initiate a transaction with source entity 102 over a communications channel (e.g., a voice message over a telephone system, a text message, an email, etc.).
  • the communication may include, but is not limited to, information identifying the source entity 102 and an amount that the target entity 104 is requesting to be transferred to the target entity 104 by the source entity 102.
  • the information identifying the source entity 102 may also include information identifying a communications channel to be used to contact the source entity 102 to authorize the transaction.
  • the transaction authorization service 100 may verify that the PIN or other identifier provided by the source entity 102 is valid, for example by checking the provided identifier against an identifier provided by the source entity during a registration process for the transaction authorization service. If the provided PIN or other identifier is not valid, then the transaction is not considered authorized by the transaction authorization service 100.
  • alternative methods of contacting the source entity 102 to authorize a transaction may be used.
  • transaction authorization service 100 may contact source entity 102 via some other mechanism, for example by email, requesting authorization of the transaction.
  • Source entity 102 may then contact transaction authorization service 100 via a second, separate communications channel and communications device to authorize (or deny) the transaction, in so doing providing the PIN number or other identification code via the communications device to authorize the transaction or deny the transaction.
  • FIG. 6A illustrates an embodiment of a transaction authorization service in which text messaging is employed as a first communications channel, and a voice communications channel is employed as the second, separate communications channel.
  • a transaction may be initiated by source entity 102 via a text message to transaction authorization service 100.
  • the transaction may then be authorized via the voice communications channel.
  • the transaction authorization service 100 may, for example, call a telephone number associated with source entity 102, identify the message as authentic (for example, via a security phrase), describe the transaction, and request authorization.
  • the telephone call may be automated or initiated by a human, and the communications may be via a "live" human voice or via an automated telephone system.
  • the source entity 102 may then enter or otherwise provide a PIN number or other identifier to authorize the transaction.
  • Figure 6B illustrates an embodiment of a transaction authorization service in which text messaging is employed as a first communications channel, and a cellular telephone communications channel and cellular telephone-capable device is employed as the second, separate communications channel.
  • a transaction may be initiated by source entity 102 via a text message to transaction authorization service 100.
  • the transaction may then be authorized via the cellular telephone communications channel.
  • the transaction authorization service 100 may, for example, call a telephone number associated with a cell phone 110 associated with source entity 102, identify the message as authentic (for example, via a security phrase), describe the transaction, and request authorization.
  • the cellular telephone call may be automated or initiated by a human, and the communications may be via a "live" human voice or via an automated telephone system.
  • target entity 104 may be an e-commerce web site that allows source entity 102 to use transaction authorization service 100 as a payment method for transactions (e.g., purchases) made via the site.
  • Various embodiments may use different communications mechanisms, for example voice communications (e.g., conventional telephone systems, mobile/cellular phone systems, etc.), text messaging systems (e.g., SMS), a web services interface, or one or more of other communications systems or mechanisms as communications channels for communications between source entity 102 and target entity 104, between target entity 104 and transaction authorization service 100, and between transaction authorization service 100 and source entity 102.
  • voice communications e.g., conventional telephone systems, mobile/cellular phone systems, etc.
  • text messaging systems e.g., SMS
  • a web services interface or one or more of other communications systems or mechanisms as communications channels for communications between source entity 102 and target entity 104, between target entity 104 and transaction authorization service 100, and between transaction authorization service 100 and source entity 102.
  • Figure 8 illustrates an exemplary embodiment of a transaction authorization service in which a source entity communicates with a target entity via text messaging, in response to which the target entity communicates with a transaction authorization service via a web services interface to initiate a transaction with the source entity, and the transaction authorization service authorizes the transaction via a voice communications channel.
  • a text messaging communications channel is used for communications between source entity 102 and target entity 104 to initiate a transaction
  • a web services interface is used for communications between target entity 104 and transaction authorization service 100 to communicate the transaction to transaction authorization service 100 (and to complete the transaction once authorized)
  • a voice communications channel is used for communications between transaction authorization service 100 and source entity 102 to authorize the transaction.
  • FIG 10 is a flowchart of a method for telephone authorization of transactions according to one embodiment. This method is similar to that described in Figure 9, except that the second communications channel used to authorize the transaction is a telephone communications channel.
  • a source entity initiates a transaction to a target entity via a first communications channel to a transaction authorization service.
  • the transaction authorization service may confirm the transaction with the source entity via a telephone communications channel (the second communications channel).
  • the authorization message may be directed to a conventional or cellular telephone associated with a phone number provided by the source entity.
  • the transaction authorization service may call the telephone number, may identify the message as authentic (for example, via a security phrase), identify the transaction, and request authorization.
  • the telephone call may be automated or initiated by a human.
  • the source entity may then enter or otherwise provide a PIN number or other identifier to authorize the transaction.
  • the transaction authorization service may verify that the PIN or other identifier provided by the source entity is valid, for example by checking the provided identifier against an identifier provided by the source entity during a registration process for the transaction authorization service. If the provided PIN or other identifier is not valid, then the transaction is not considered authorized by the transaction authorization service.
  • the transaction authorization service and/or the source entity may contact the target entity to inform the target entity of the transaction.
  • the transaction authorization service confirms or authorizes the transaction with the source entity via a specified communications channel, for example at a phone number specified by the source entity during the registration process with the transaction authorization service.
  • the phone number may, for example, be the number of a land-based phone, cell phone or other phone-capable device in the possession of the source entity.
  • the contact may include transmitting a text message requesting that the source entity authorize the initiated transaction. Note that other embodiments may initiate a cell or standard telephone call with either human or automated voice messages for the authorization request message.
  • the authorization request message may include a security phrase either entered by or provided to entity during registration to indicate that the message is from transaction authorization service.

Abstract

L'invention concerne un système et un procédé destinés à autoriser des transactions, telles que des paiements ou des transferts d'argent. On peut utiliser un mécanisme d'autorisation de transaction au moyen duquel la réalisation d'une transaction lancée par l'intermédiaire d'une première voie de communication peut être autorisée par l'intermédiaire d'une seconde voie de communication séparée ou mécanisme. Une entité source peut lancer une transaction avec une entité cible par l'intermédiaire d'une première voie de communication en direction d'un service d'autorisation de transaction. Le service d'autorisation de transaction peut confirmer la transaction avec l'entité source par l'intermédiaire d'une seconde voie de communication. Divers modes de réalisation peuvent faire appel à différentes voies de communication, telles que, par exemple, des systèmes téléphoniques classiques, des systèmes téléphoniques mobiles/cellulaires et des systèmes de messagerie texte, ces systèmes étant utilisés comme première ou seconde voie de communication. Après l'autorisation de la transaction par l'intermédiaire de la seconde voie de communication, le service d'autorisation de transaction et/ou l'entité source peut contacter l'entité cible en vue d'informer cette dernière de la transaction. L'entité cible peut alors achever la transaction.
PCT/US2006/040009 2005-10-11 2006-10-11 Systeme et procede d'autorisation de transactions WO2007044882A2 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CA2645044A CA2645044C (fr) 2005-10-11 2006-10-11 Systeme et procede d'autorisation de transactions
EP06816831.9A EP2074524B1 (fr) 2005-10-11 2006-10-11 Systeme et procede d'autorisation de transactions
EP14191937.3A EP2858328B1 (fr) 2005-10-11 2006-10-11 Système et procédé d'autorisation de transactions

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US72440405P 2005-10-11 2005-10-11
US60/724,404 2005-10-11
US73797205P 2005-11-18 2005-11-18
US60/737,972 2005-11-18
US11/546,030 2006-10-10
US11/546,534 2006-10-10
US11/546,534 US8447700B2 (en) 2005-10-11 2006-10-10 Transaction authorization service
US11/546,030 US8352376B2 (en) 2005-10-11 2006-10-10 System and method for authorization of transactions

Publications (2)

Publication Number Publication Date
WO2007044882A2 true WO2007044882A2 (fr) 2007-04-19
WO2007044882A3 WO2007044882A3 (fr) 2007-10-04

Family

ID=37943545

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/040009 WO2007044882A2 (fr) 2005-10-11 2006-10-11 Systeme et procede d'autorisation de transactions

Country Status (1)

Country Link
WO (1) WO2007044882A2 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009071734A1 (fr) * 2007-12-07 2009-06-11 Nokia Corporation Authentification de transaction
US8713647B2 (en) 2009-08-21 2014-04-29 International Business Machines Corporation End-of-session authentication
WO2014189361A1 (fr) * 2013-05-23 2014-11-27 Infobase Solution Sdn. Bhd. Système permettant d'autoriser des transactions électroniques et procédé associé
EP2933769A1 (fr) * 2014-04-10 2015-10-21 Vodafone GmbH Procédé de transaction
DE102009056116B4 (de) * 2008-12-01 2016-08-18 Tagpay Gmbh Verfahren und Einrichtung zur Autorisierung einer Transaktion
CN110719252A (zh) * 2018-07-13 2020-01-21 利普埃克斯伯特有限公司 用于通过通信信道授权交易的方法、系统和计算机可读媒体
CN113938481A (zh) * 2021-11-12 2022-01-14 中国建设银行股份有限公司 回单处理方法、处理装置、电子设备及可读存储介质

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030144952A1 (en) 2002-01-31 2003-07-31 International Business Machines Corporation Detection of unauthorized account transactions
GB2397731A (en) 2003-01-22 2004-07-28 Ebizz Consulting Ltd Authenticating a user access request to a secure service over a primary communication channel using data sent over a secondary communication channel

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8181262B2 (en) * 2005-07-20 2012-05-15 Verimatrix, Inc. Network user authentication system and method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030144952A1 (en) 2002-01-31 2003-07-31 International Business Machines Corporation Detection of unauthorized account transactions
GB2397731A (en) 2003-01-22 2004-07-28 Ebizz Consulting Ltd Authenticating a user access request to a secure service over a primary communication channel using data sent over a secondary communication channel

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2074524A2

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009071734A1 (fr) * 2007-12-07 2009-06-11 Nokia Corporation Authentification de transaction
CN101868953A (zh) * 2007-12-07 2010-10-20 诺基亚公司 事务处理认证
DE102009056116B4 (de) * 2008-12-01 2016-08-18 Tagpay Gmbh Verfahren und Einrichtung zur Autorisierung einer Transaktion
US8713647B2 (en) 2009-08-21 2014-04-29 International Business Machines Corporation End-of-session authentication
WO2014189361A1 (fr) * 2013-05-23 2014-11-27 Infobase Solution Sdn. Bhd. Système permettant d'autoriser des transactions électroniques et procédé associé
EP2933769A1 (fr) * 2014-04-10 2015-10-21 Vodafone GmbH Procédé de transaction
CN110719252A (zh) * 2018-07-13 2020-01-21 利普埃克斯伯特有限公司 用于通过通信信道授权交易的方法、系统和计算机可读媒体
CN113938481A (zh) * 2021-11-12 2022-01-14 中国建设银行股份有限公司 回单处理方法、处理装置、电子设备及可读存储介质

Also Published As

Publication number Publication date
WO2007044882A3 (fr) 2007-10-04

Similar Documents

Publication Publication Date Title
US8352376B2 (en) System and method for authorization of transactions
US8447700B2 (en) Transaction authorization service
JP6294398B2 (ja) エイリアスを使用したモバイル・ペイメントのシステム及び方法
US7729989B1 (en) Method and apparatus for message correction in a transaction authorization service
US7873573B2 (en) Virtual pooled account for mobile banking
US8249965B2 (en) Member-supported mobile payment system
EP2407918A1 (fr) Système de paiement mobile de personne à personne
US20070255662A1 (en) Authenticating Wireless Person-to-Person Money Transfers
US20070244811A1 (en) Mobile Client Application for Mobile Payments
WO2009114876A2 (fr) Système de paiement viral basé sur un réseau
US8239326B1 (en) Method and apparatus for authorizing transactions using transaction phrases in a transaction authorization service
WO2007044882A2 (fr) Systeme et procede d'autorisation de transactions
CA2645044C (fr) Systeme et procede d'autorisation de transactions
US20230035516A1 (en) Method and system for payments via text messages
AU2020101952A4 (en) SMT- Voice Based Mobile Banking: SECURE MONEY TRANSFER USING VOICE BASED MOBILE BANKING

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2006816831

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2645044

Country of ref document: CA