WO2008141838A2 - Method and system for the fast short logon of a user to a service portal by means of a mobile communication device - Google Patents

Method and system for the fast short logon of a user to a service portal by means of a mobile communication device

Info

Publication number
WO2008141838A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
mobile communication
communication device
identifier
service
Prior art date
Application number
PCT/EP2008/004144
Other languages
German (de)
English (en)
Other versions
WO2008141838A9 (fr)
WO2008141838A3 (fr)
Inventor
Claudia Von Heesen
Harald Spiegel
Original Assignee
Claudia Von Heesen
Harald Spiegel
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Claudia Von Heesen, Harald Spiegel
Priority to EP08758736A (EP2235659A2)
Publication of WO2008141838A2
Publication of WO2008141838A3
Publication of WO2008141838A9

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326 Payment applications installed on the mobile devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226 Use of secure elements separate from M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/352 Contactless payments by cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/353 Payments by cards read by M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks

Definitions

  • a user pre-registered on the service portal contacts the service portal via a mobile communication device such as a mobile phone and, via this mobile communication device, transmits the logon data necessary for a logon process on the service portal, such as user name and password, which were notified to the user in advance as part of his registration with the service portal provider.
  • the subordinate arrangement claim aims at an arrangement as it is advantageously used for carrying out the method according to the invention.
  • the dependent claims relate to advantageous embodiments of the present invention.
  • a first embodiment of the method according to the invention is based on the fact that a user identifier on an identification device (e.g. an RFID card, radio frequency identification card) is detected by a mobile, preferably NFC-enabled (near field communication) communication device, transmitted to an access control device for a service portal, and compared there with a user identifier stored for a particular user. An access authorization is granted only if the user identifier can be assigned to a user account on the part of the operator of the service portal. Measures by which a logon process of a user on a computerized service portal can be carried out by means of NFC-enabled communication devices are already known from WO 2006/016339 A1.
  • the access control device assigns a user access key which, as long as it is valid, is stored both in the access control device and in that mobile communication device with which activation took place.
  • the user identifier is based on biometric features of the user.
  • a short login is only accepted by the access control device in both embodiments if the user identifier of a user has been transmitted to the access control device together with the valid user access key.
  • the user access key is preferably replaced with a new one, so that another short logon can be performed without previous reactivation, etc.
  • Fig. 1 is a schematic representation of an arrangement for carrying out a first embodiment of the method according to the invention
  • FIGS. 2 and 3 are a flowchart of individual method steps which are carried out in a method according to the invention for activating the short logon in the arrangement shown in FIG. 1;
  • FIGS. 4 and 5 are a flowchart of individual method steps which are carried out in a method according to the invention for the short logon in the arrangement shown in FIG. 1.
  • In connection with Fig. 1, an arrangement will be described which may find use in the implementation of a first embodiment of the method according to the invention, as can be used, for example, in an Internet service portal to handle non-cash payment transactions.
  • the main components of such an arrangement shown in FIG. 1 are: an identification device 10 (identification device, IDD) present on the side of a user 60, a mobile communication device 20 (mobile communication device, MCD) also present on the side of the user 60, and a service providing device 30 (service providing unit), typically provided at a location other than the location of the user, which provides a computerized service portal.
  • the service providing facility 30 serves to centrally control the services of a service portal provider, e.g. a financial service provider offering, for example, a service portal to handle non-cash payment transactions.
  • the central service providing facility 30 comprises a user data storage unit (UDSU) 34 in which records on pre-registered users of a computerized service portal, such as a system for processing non-cash payment transactions, are stored, in particular data from user accounts 35 (user account, UAC).
  • the user data storage device 34 communicates with a central processing unit 32 (CPU).
  • an access control unit 33 (ACU) is connected to the central processing unit 32.
  • the central processing unit 32 coordinates the data exchange with a service portal 36 (service portal SP), via which, for example, financial services of financial service providers, in particular banks, credit card companies, etc., can be used.
  • via a communication device 31 of the service providing device 30, data can be exchanged between the user 60, or the mobile communication device 20 used by him, and the central service providing device 30.
  • the mobile communication device 20 has a communication unit 23 (communication unit CU), via which data can be exchanged electronically via a wide area communication link 51 (wide area communication) with the communication device 31 of the service providing device 30.
  • “long-range communication links” are understood in particular to be public mobile radio telephone networks and in particular the Internet and in particular publicly available communication networks.
  • the mobile communication device 20 has a central processing unit 22 (central processing unit CPU), which processes data streams in the mobile communication device 20.
  • data is exchanged between an identifier detection unit 21 (IDSEU), a display unit 24 (DU), an input unit 25 (IU) and a storage unit (SU) 26.
  • the mobile communication device 20 can acquire information from the user-provided identification device 10, in particular from an identification presentation unit 12 (identification presentation unit IDPU) provided on the identification device 10.
  • the identifier presentation device 12 is in turn connected to an identifier storage unit 11 (identification storage unit IDSTU).
  • user identifiers 40 (user identifier, UID) are exchanged with the aid of the mobile communication device 20, and user access keys 41, 42 are exchanged bidirectionally between the mobile communication device 20 and the service providing device 30.
  • Short-range communication is understood to mean any type of communication in which a communication process between the identification device 10 and the mobile communication device 20 requires that they are physically brought within a relatively small distance of each other and, optionally, that there is also a line of sight between the two devices and/or, in particular, that a user manually brings these two devices very close together, possibly up to direct physical contact between the two devices.
  • RFID transmitting and receiving devices are used, with which the identification device 10 and the mobile communication device 20, when physically close to each other, can exchange data with each other over relatively short distances in a short-range communication.
  • Identifying means 10 e.g., in the form of a bar or dot code which is printed or also displayed on a display means such as an LCD display, or a hologram
  • biological storage of the identifier by applying DNA sequences representing the identifier to a substrate (ID storage and presentation means) on the part of the identification means 10 and reading out the DNA sequence on the mobile communication means 20 side;
  • the user identifier 40 is stored in an identifier storage device 11 on a separate identification device 10, in the form of a specially designed device to be carried by the user 60 when carrying out the method according to the invention, such as an RFID card, a smart card or the like, and is made available for detection by means of an identifier presentation device 12.
  • one or more biometric features of the user 60 may also fulfill the function of the user identifier 40.
  • the use of a separate identification device 10 can be dispensed with.
  • biometric features that can uniquely identify a user 60, and thus take the place of an artificially generated user identifier 40, include e.g.: fingerprints of a user 60, iris patterns, retinal patterns, his voice, and behavior-based features of the user 60 such as his handwriting, etc.
  • Such biometric features may be detected by suitable identifier detectors 21 such as a fingerprint scanner, an iris or retina scanner, etc.
  • With reference to FIGS. 2 to 5, the interaction of the individual components shown in FIG. 1 for handling a secure short logon of a user 60 at the service provisioning device 30 will now be explained, for the case in which an identification device 10 is provided on the user side for storing and making available a user identifier 40.
  • a user 60 has pre-registered on a computerized service portal (e.g., of a financial service provider), i.e. user-specific data, such as name, address, account numbers, information on the creditworthiness, etc. of a user 60 have been previously registered in a user data storage device 34 held in the service provisioning device 30.
  • In step S1.1, the user 60 now logs in to the service providing device 30 by, for example, transmitting his user name and a previously assigned password via the mobile communication device 20 to the access control device 33, thereby gaining access to an (Internet) service portal 36 of the service portal provider operating the service providing facility 30.
  • the user 60 can now select the "Activate short logon" option in step S1.2.
  • the user 60 tells the service providing device 30 that he now wishes to be able, at any time, to initiate a logon to the service providing facility 30 by physically bringing together his identification unit 10, which preferably contains a static identifier, in particular one impressed once, and the mobile communication device 20 with which he is currently carrying out the activation.
  • the service providing device 30 is told that the user 60 wants to log on to the service provisioning device by physically bringing the identification device 10 and the mobile communication device 20 together, such as by a short-range communication, in order to use services of the service portal, e.g. a settlement of non-cash payment transactions.
  • after completion of step S1.2, the service provisioning device 30 preferably now specifies a time window within which step S1.3 can be carried out, in which the user 60 must bring his identification device 10 together with a mobile communication device 20 (e.g. a mobile telephone) in order to be able to use this mobile communication device 20 later for a quick logon. This process is called "activate".
  • the user 60 does not necessarily have to use a mobile phone registered in advance in the service providing device 30 ("his own cell phone"), but can use any mobile communication device 20 that satisfies the technical output specifications to communicate with the identification device 10 (so in particular, a "foreign mobile phone").
  • the short-range communication means provided in the identifier presentation device 12 and in the mobile communication device 20, such as RFID transmitting and receiving devices, exchange data via standardized near field communication protocols (e.g. ISO 14443 A for RFID via Mifare, FeliCa, etc. and e.g. ISO 18092 for NFC in dialog mode, etc.).
  • an identifier in the form of a code can be provided in an RFID transmitting device on the side of the identification device 10, which is read by means of an RFID receiving device on the side of the mobile communication device 20.
  • an identifier, e.g. in the form of an optical barcode (barcode, 2D barcode, for example in the formats Datamatrix, Semacode, BeeTagg or QR, etc.), is provided on the identification device 10 and is detected, for example, by means of an optical barcode scanner or a camera on the part of the mobile communication device 20.
  • a user identifier 40 is detected by the mobile communication device 20 and, optionally, combined with an individual identifier of the mobile communication device 20 (e.g., the identifier of a SIM card of a mobile phone).
  • In step S1.5, the mobile communication device 20 then transmits the user identifier 40 to the access control device 33.
  • in the service providing device 30, for example in the case of operating an Internet service portal to settle non-cash payments, the user identifier and the associated user account information are stored for each pre-registered user. Based on the user identifier received from the mobile communication device 20, the user account 35 (user account) belonging to the user 60 is then identified (step S1.6). In the service provisioning device 30, it is then checked in decision step D1.1 whether the user account 35 exists.
  • the service providing device 30 sends a feedback message to the mobile communication device 20 in step S1.7 that the short logon could not be activated.
  • the process according to the invention ends at this point with the result that the short logon for the user 60 could not be activated.
  • If, however, it was found in step D1.1 that the user account 35 exists, the process optionally continues in step S1.8, where a so-called activation data entry form is displayed on the display device 24 of the mobile communication device 20.
  • As a precautionary measure, in the event that the mobile communication device 20 has passed into the hands of an unauthorized person in the time span which has elapsed since the entry of the registration data in step S1.3, it may optionally be provided that the user must here identify and authenticate himself once again. For this purpose, he must in step S1.8, e.g., enter his user name and personal password or a PIN again.
  • In step S1.9, the user enters via the input device 25 the data again requested for his identification, which are then transmitted back from the mobile communication device (20) to the access control device 33 (step S1.10), where in step S1.11 it is again verified in the service providing device 30 whether the activation data has been entered correctly.
  • In step D1.2, this option then checks whether the activation of the short logon has been authorized. If not, a message is again sent from the service providing device 30 to the mobile communication device 20, and the message "short logon has not been activated" is displayed on the display device 24 in step S1.12, with the result that no activation of the short logon has come about.
  • the re-examination of the activation data (steps S1.8 to D1.2) ultimately leads to "milestone B", at which it has been established that the user account 35 is OK, and from there to step S1.13, where a user access key 41 is now generated on the side of the service providing device 30.
  • the path from decision step D1.1 to "milestone B" can also be direct.
  • the message "Short logon has been activated" is displayed (step S1.17). This concludes the complete process of activating the short logon ("milestone E").
  • the mobile communication device 20 has now finally been put into an activation state in which it is possible to use the mobile communication device 20 for the further steps, shown in FIGS. 4 and 5, of logging on to the service providing device 30.
  • the actual short logon process is started in step S2.1 to enable, for example, a payment transaction.
  • e.g. a request is displayed on the display device 24 asking the user 60 to bring the identification device 10 and the mobile communication device 20 sufficiently close together to start the short logon process.
  • Such a physical approach of identification device 10 and mobile communication device 20 takes place in step S2.2.
  • In step S2.3, the user identifier 40 is then again detected by the mobile communication device 20, and in step S2.4, in this exemplary embodiment of the method, the user identifier 40 and the user access key 41 are transferred from the mobile communication device 20 to the service providing device 30.
  • In step S2.5, the user access key 41 is compared with, and validated against, the user access key 41 previously generated for the user 60 in the service providing device 30 and stored in the user account 35.
  • If it is determined in decision step D2.1 that the user access key 41 is not in order, i.e. if it is determined when performing a comparison operation that the user access key 41 stored in the user account 35 does not match the user access key 41 currently transmitted from the mobile communication unit, then this exception is handled via the "NO" branch from decision step D2.1, and the user 60 receives a message "user could not be registered" on the display device 24 of the mobile communication device 20 in step S2.6, whereupon the process ends at "milestone F".
  • If, on the other hand, it is determined in decision step D2.1 when carrying out the comparison operation that the user access key 41 is OK, the process continues in step S2.7, where the user access key currently transmitted by the mobile communication device 20 is compared with the user access key stored in the service providing unit (30).
  • If decision step D2.2 shows that the currently transmitted user access key does not match the stored user access key, the process continues in step S2.8, where the message that the user could not be logged on is displayed on the mobile communication device 20, whereupon the process ends at "milestone G".
  • If, on the other hand, it is determined in decision step D2.2 that the user access key currently transmitted by the mobile communication device 20 is in order, then the computerized service portal 36 is displayed on the mobile communication device 20 in step S2.9. The method according to the invention for the secure short logon then ends at "milestone H", with the user logged on to the service portal 36.
  • the user can now access the service portal displayed by his mobile communication device 20, and, for example, handle non-cash payment transactions or download certain contents (e.g., ringtones on a mobile phone), etc.
  • In step S2.10 in FIG. 5, the next user access key 42 is optionally already generated, stored in the access control device 33 in step S2.11, and transmitted to the mobile communication device 20 in step S2.12, where it is stored in the mobile communication device in step S2.13; the service portal 36 is then displayed for the user 60 in step S2.14, whereupon the user is logged on to the service portal 36 at "milestone J".
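
The activation and short-logon steps above, seen from the access control unit 33, as an added example that is not taken from the patent: it shows the time-limited activation, the rule that a short logon needs the user identifier together with the valid user access key, and the replacement of the key after each logon. The class and method names, the 120-second window, the PBKDF2 password check and key generation with `secrets` are assumptions; the optional re-authentication (steps S1.8 to D1.2) is left out.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

ACTIVATION_WINDOW_S = 120.0  # assumption: the page only says "a time window"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class UserAccount:
    """User account 35 (UAC) held in the user data storage unit 34."""
    user_id: str                                  # user identifier 40 (UID)
    salt: bytes
    password_hash: bytes
    access_key: Optional[str] = None              # currently valid key 41/42
    activation_deadline: Optional[float] = None   # end of the S1.3 time window


class AccessControlUnit:
    """Access control unit 33 (ACU) of the service providing device 30."""

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock
        self._by_name: Dict[str, UserAccount] = {}
        self._by_uid: Dict[str, UserAccount] = {}

    def register(self, username: str, password: str, user_id: str) -> None:
        """Pre-registration: bind user name, password and UID to one account."""
        salt = secrets.token_bytes(16)
        account = UserAccount(user_id, salt, _hash_password(password, salt))
        self._by_name[username] = account
        self._by_uid[user_id] = account

    def request_activation(self, username: str, password: str) -> bool:
        """S1.1/S1.2: full logon, then open the activation time window."""
        account = self._by_name.get(username)
        if account is None:
            return False
        candidate = _hash_password(password, account.salt)
        if not hmac.compare_digest(candidate, account.password_hash):
            return False
        account.activation_deadline = self._clock() + ACTIVATION_WINDOW_S
        return True

    def complete_activation(self, user_id: str) -> Optional[str]:
        """S1.5 to S1.13: the UID arrives from the MCD; issue access key 41."""
        account = self._by_uid.get(user_id)            # S1.6 / D1.1
        if account is None or account.activation_deadline is None:
            return None
        deadline, account.activation_deadline = account.activation_deadline, None
        if self._clock() > deadline:
            return None                                # window missed
        account.access_key = secrets.token_urlsafe(32)
        return account.access_key                      # also stored on the MCD

    def short_logon(self, user_id: str, access_key: str) -> Optional[str]:
        """S2.4 to S2.12: accept UID plus valid key, then replace the key.

        Returns the next key 42 for the MCD on success, None on any failure.
        """
        account = self._by_uid.get(user_id)
        if account is None or account.access_key is None:
            return None
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if not hmac.compare_digest(access_key.encode(), account.access_key.encode()):
            return None                                # D2.2 "NO" branch
        account.access_key = secrets.token_urlsafe(32)  # S2.10 / S2.11
        return account.access_key                      # sent to the MCD in S2.12


if __name__ == "__main__":
    uid = "UID-CONSTRUCTED-0001"                       # constructed sample value
    acu = AccessControlUnit()
    acu.register("alice", "correct horse", uid)
    acu.request_activation("alice", "correct horse")
    key_41 = acu.complete_activation(uid)
    key_42 = acu.short_logon(uid, key_41)
    print("short logon ok:", key_42 is not None)
    print("replayed old key accepted:", acu.short_logon(uid, key_41) is not None)
```

Because the key is replaced on every successful short logon, a key captured from one session is rejected when replayed, while the UID alone, which is static on the identification device, never suffices.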

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a method for carrying out a fast and secure short logon of a user to a computer-assisted service portal. These services, such as executing transfer operations or downloading particular data content, can be requested via a mobile communication device. According to the invention, a user identifier (40) is present on the user side. This identifier can take the form, for example, of a biometric feature of the user (60), or be stored in an identification device (10) which exchanges the user identifier (40) with a mobile communication device (20) present on the user side via a local communication link (50); the identifier is then transmitted for the purpose of logging on to a computer-assisted service portal provided by a service providing device (30), so that the user no longer has to enter either a user name or a personal password.
PCT/EP2008/004144 2007-05-24 2008-05-23 Method and system for the fast short logon of a user to a service portal by means of a mobile communication device WO2008141838A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP08758736A EP2235659A2 (fr) 2007-05-24 2008-05-23 Method and system for the fast short logon of a user to a service portal by means of a mobile communication device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102007024144A DE102007024144B3 (de) 2007-05-24 2007-05-24 Method and arrangement for the fast short logon of a user to a service portal by means of a mobile communication device
DE102007024144.7 2007-05-24

Publications (3)

Publication Number Publication Date
WO2008141838A2 (fr) 2008-11-27
WO2008141838A3 (fr) 2009-01-15
WO2008141838A9 (fr) 2009-02-26

Family

ID=39680943

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/004144 WO2008141838A2 (fr) 2007-05-24 2008-05-23 Method and system for fast short login of a user to a service portal by means of a mobile communication device

Country Status (3)

Country Link
EP (1) EP2235659A2 (fr)
DE (1) DE102007024144B3 (fr)
WO (1) WO2008141838A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010070539A1 (fr) * 2008-12-19 2010-06-24 Nxp B.V. Enhanced smart card usage
EP3862953A1 (fr) * 2020-02-10 2021-08-11 Mastercard International Incorporated Method for improving the security of sensitive data

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102014008419A1 (de) * 2014-06-14 2015-12-17 Manfred Rietzler Method and arrangement for executing a digital payment transaction

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020147653A1 (en) * 2000-10-27 2002-10-10 Shimon Shmueli Account portability for computing
US20020178370A1 (en) * 1999-12-30 2002-11-28 Gurevich Michael N. Method and apparatus for secure authentication and sensitive data management
US20060015742A1 (en) * 2004-07-15 2006-01-19 Allan Camaisa System and method for blocking unauthorized network log in using stolen password
WO2006016339A1 (fr) * 2004-08-10 2006-02-16 Koninklijke Philips Electronics, N.V. Method and system for multi-authentication logon control
EP1675076A1 (fr) * 2004-12-21 2006-06-28 Italtel S.p.a. System and associated equipment for personal authentication and for managing data in integrated networks
US20060288233A1 (en) * 2005-04-25 2006-12-21 Douglas Kozlay Attachable biometric authentication apparatus for watchbands and other personal items

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100361490B1 (ko) * 2000-12-04 2002-11-22 엘지전자 주식회사 Internet access method using an Internet TV

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020178370A1 (en) * 1999-12-30 2002-11-28 Gurevich Michael N. Method and apparatus for secure authentication and sensitive data management
US20020147653A1 (en) * 2000-10-27 2002-10-10 Shimon Shmueli Account portability for computing
US20060015742A1 (en) * 2004-07-15 2006-01-19 Allan Camaisa System and method for blocking unauthorized network log in using stolen password
WO2006016339A1 (fr) * 2004-08-10 2006-02-16 Koninklijke Philips Electronics, N.V. Method and system for multi-authentication logon control
EP1675076A1 (fr) * 2004-12-21 2006-06-28 Italtel S.p.a. System and associated equipment for personal authentication and for managing data in integrated networks
US20060288233A1 (en) * 2005-04-25 2006-12-21 Douglas Kozlay Attachable biometric authentication apparatus for watchbands and other personal items

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010070539A1 (fr) * 2008-12-19 2010-06-24 Nxp B.V. Enhanced smart card usage
US20110251955A1 (en) * 2008-12-19 2011-10-13 Nxp B.V. Enhanced smart card usage
US9208634B2 (en) 2008-12-19 2015-12-08 Nxp B.V. Enhanced smart card usage
EP3862953A1 (fr) * 2020-02-10 2021-08-11 Mastercard International Incorporated Method for improving the security of sensitive data

Also Published As

Publication number Publication date
DE102007024144B3 (de) 2009-01-08
WO2008141838A9 (fr) 2009-02-26
WO2008141838A3 (fr) 2009-01-15
EP2235659A2 (fr) 2010-10-06

Similar Documents

Publication Publication Date Title
DE60131534T2 (de) Comprehensive authentication mechanism
EP1240631B1 (fr) Payment transaction method and system
EP2949094B1 (fr) Method for authenticating a user to an automatic dispenser
DE19903822C2 (de) Method for carrying out cashless payments and system for carrying out the method
DE19722424C5 (de) Method for securing access to a remotely located system
WO2009003605A2 (fr) Virtual prepaid or credit card, and method and system for providing it and for handling electronic payment
EP1784791B1 (fr) Electronic ticket
AT506619B1 (de) Method for temporarily personalizing a communication device
EP1240632A1 (fr) Payment transaction method and system
EP1792248A1 (fr) Portable device for enabling access
WO2007121738A1 (fr) Method and device for providing at least one item of information to a user's mobile communication device
WO2001059725A1 (fr) Method for verifying the identity of a user
EP1264490A2 (fr) Method for verifying the authenticity of the identity of a service user and device for carrying out this method
DE102011078018A1 (de) System for executing remote functions of a motor vehicle
EP1456822A2 (fr) Method and system for carrying out verification processes for usage authorization and/or payment using a mobile telephony terminal, associated mobile telephony terminal, interrogation station, control program for a mobile telephony terminal and program for
DE102007024144B3 (de) Method and arrangement for fast short login of a user to a service portal by means of a mobile communication device
EP1971108A2 (fr) Identification of a user of a mobile terminal and generation of an action authorization
EP1935202B1 (fr) Unblocking of mobile telephony cards
EP2023281A1 (fr) Method for ordering and paying for an access authorization, for monitoring the access authorization, for granting an access authorization and/or for providing access-related information
WO2015169803A1 (fr) Method for cash payment at an automatic payment center
WO2015176772A1 (fr) Method for processing a transaction
WO2014029744A1 (fr) Method and system for executing a financial transaction
WO2023272332A1 (fr) Method for initiating and authorizing electronic payments
EP1903489A1 (fr) Payment system and method for electronic payment
AT525223A1 (de) Method for initiating and authorizing electronic payments

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08758736

Country of ref document: EP

Kind code of ref document: A2

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2008758736

Country of ref document: EP