WO2009009852A2 - Système et procédé pour transférer des crédits à l'aide d'un dispositif mobile - Google Patents

Système et procédé pour transférer des crédits à l'aide d'un dispositif mobile Download PDF

Info

Publication number
WO2009009852A2
WO2009009852A2 PCT/BR2008/000209 BR2008000209W WO2009009852A2 WO 2009009852 A2 WO2009009852 A2 WO 2009009852A2 BR 2008000209 W BR2008000209 W BR 2008000209W WO 2009009852 A2 WO2009009852 A2 WO 2009009852A2
Authority
WO
WIPO (PCT)
Prior art keywords
credit
mobile device
payee
otp
password
Prior art date
Application number
PCT/BR2008/000209
Other languages
English (en)
Other versions
WO2009009852A3 (fr
Inventor
Mara Regina Morelli
Fabrizio Vargas De Moraes
Original Assignee
Itautec S.A. - Grupo Itautec
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Itautec S.A. - Grupo Itautec filed Critical Itautec S.A. - Grupo Itautec
Publication of WO2009009852A2 publication Critical patent/WO2009009852A2/fr
Publication of WO2009009852A3 publication Critical patent/WO2009009852A3/fr

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • G06Q20/3263Payment applications installed on the mobile devices characterised by activation or deactivation of payment capabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F19/00Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20Automatic teller machines [ATMs]
    • G07F19/203Dispensing operations within ATMs

Definitions

  • the present invention refers to a system for transferring credits that is implemented by data handling equipment, and more particularly refers to the transference of credits using processing resources present in mobile devices such as cellular telephones, handheld computers and palm tops.
  • the payer uses his/her magnetic card at a terminal, and must also insert/inform his/her PIN number; furthermore, the method includes the insertion of complementary information such as a name, a secret password having 6 or more digits, the amount to be transferred, the name of the payee, the address of the payee, the number of the account to be debited, etc.
  • the terminal Upon the payer having confirmed such data, that is displayed onscreen, the terminal prints a record of the transaction wherein is included a reference number generated at the terminal and which will be informed to the payee together with the secret password and the amount of the transfer. With this information, the payee uses an ATM to withdraw the funds, without needing to use a card. Still according with the above mentioned document, the payer's account will only be debited upon withdrawal of the corresponding amount by the payee.
  • one object of the present invention consists in the provision of a credit transfer system able to provide enhanced security protection against interception as compared with the systems known in the art, in addition to obviating the need of magnetic cards of any type, or equivalent means such as optical cards, induction cards or cards equipped with chips, in order to use the credit.
  • One other object consists in the provision of a credit transfer system capable of being used in a wide variety of situations, comprising the withdrawal of cash at an automatic teller (ATM), at the teller office of a financial institution, or yet in a transaction conducted at a point of sale of a commercial establishment.
  • ATM automatic teller
  • a system that comprises means to allow a payer to access a financial credit institution, a credit authorization unit, a mobile communications device carried by a payee, a specific application provider, a password validation unit, at least one location where the credit is made available and data communication means interconnecting all the elements that constitute the system.
  • the said financial credit institution may consist in a bank, a credit cooperative, a mutual assistance institution, a credit card management entity, etc.
  • the said mobile device consists in an electronic apparatus intended for personal use, provided with means to process application software programs stored in a memory.
  • the said electronic apparatus for personal use consists in a cellular telephone, a handheld computer, a palm top or similar device.
  • the use of the credit is released by means of a single instance password (OTP - one time password).
  • such single instance password - OTP - can only be generated solely and exclusively at that exact moment, by the software application installed in the payee's mobile device, upon the insertion of the payee's personal password.
  • This password is not transmitted by any means of communication, either public or proprietary.
  • the use of the credit by the payee is conditional upon the activation of the respective mobile device, the said activation comprising the generation, by the said software application, of a registration code which in addition to being stored in the memory of the said mobile device, is transmitted to a password validation unit and stored therein.
  • the said registration code is used by the cited validation unit to authenticate the single instance password OTP.
  • Figure 3 is a flow diagram whereby is illustrated a first part of the presently proposed method, comprising the provision of availability of credit transactions by the initiative of the payer.
  • Figure 4 there is illustrated the part of the system that participates in the process of activation of a mobile device, according to the principles of the invention.
  • Figure 5 is a flow diagram whereby is illustrated the second part of the presently proposed method, to wit, the process of activation of a mobile device intended for the personal use of the payee.
  • Figure 7 is a flow diagram whereby is illustrated the third part of the presently proposed method, to wit, the process of provision of the transfer of credit to the payee.
  • the proposed system consists, on the payer's side, of means to access the financial institution where the payer keeps an account, such access being possibly provided by communication equipment, selected among a group that comprises a cellular telephone 10, a wired fixed- line telephone 11, a computer 12 with means to access the Internet, where the said account holder may further present him or herself at an agency of the said institution or use an ATM teller 13.
  • communication equipment selected among a group that comprises a cellular telephone 10, a wired fixed- line telephone 11, a computer 12 with means to access the Internet, where the said account holder may further present him or herself at an agency of the said institution or use an ATM teller 13.
  • the system further comprises a public communication network 14, able to transmit voice and data by means of a physical line or via radio / cellular communication, a mobile device carried by the payee, which in the present example consists in a cellular telephone 15, a specific software application provider 16 enabled with means for external access from the said public network, a password validation unit which may consist in data processing equipment 17 able to be accessed from the said public network, as well as a credit authorization unit 18 associated to the financial entity wherein the payer holds an account, where the said authorization unit controls, by means of a data communications network, a plurality of financial service terminals 19 and 20.
  • the said terminals may be connected by means of a specific network, such as, for example: X25, frame relay, ISDN, ADSL or equivalent.
  • such terminals are represented by ATM's - automatic teller machines, that is, self-service electronic terminals - however, such terminals may consist in bank branch tellers, checkout counters or points of sale in shops, supermarkets or equivalent establishments, etc., where the places where such terminals are located are generically designated as "credit availability provision locations".
  • the system uses other software applications, comprising among others, the payees recording software, the communication software and the software for access via radio, etc.
  • the presently illustrated system may be split into various modules, each module corresponding to a given functionality.
  • Such functionalities comprise the following: - Registration of one or more payees at the financial institution, performed by the holder of the account; Registration and activation of the cellular apparatus of the payee; Funds transfer transaction.
  • Fig. 2 shows, in the form of a block diagram, the units of the system that participate in the first of the above functionalities, which consists in the registration of one or more payees.
  • the process that corresponds to this functionality is illustrated by the flow diagram of Fig. 3, the first part of the method, which consists in the process of provision of availability of credit transactions, including therein the registration of payees.
  • the payer accesses the services of a credit authorization institution, by means of a connection established using a cellular telephone 10, a fixed line telephone 11 , a computer terminal 12, an ATM terminal 13 or any other means allowing access to the data or voice communications network 14.
  • Such payer may be an individual or an institution that owns credits or values at a credit authorization institution, where the latter may consist in a bank, a financial credit entity, a credit cooperative, a credit card management entity, etc.
  • the payer requests, by means of a menu or by another means, a credit transfer service to a certain payee. If the latter has not yet been registered at the authorizing institution, the payer provides the necessary data for registration, and the said data is entered into the database of the said institution. More specifically, the database may be comprised in an authorization unit 18. Once registered, the system checks whether the mobile device of the payee was activated, and if it was not activated, it sends a message (dashed line in Fig.
  • Fig. 4 there are illustrated, by means of a block diagram, the system units that participate in the activation of the payee's mobile unit, where the corresponding process is that which is detailed in the flow diagram of Fig. 5.
  • the process of activation takes place upon the receipt, by the payee, of a message (dashed line) issued by the credit authorization institution or by the OTP password authorization means, requesting the payee to perform the activation process steps.
  • the initial step comprises the copying of the specific software application stored in the provider 16, where the said copy may be provided by means of any digital medium that allows the transfer of information, such as a CD-ROM, the Internet or a digital radio communications link.
  • this copy is loaded directly to the mobile device by means of a wireless connection.
  • the specific software application should be installed in the mobile device and initialized.
  • Such initialization comprises the reception of an initialization code supplied by the OTP password authorization means 17, and the said reception may be effected automatically by means of a radio connection between the mobile device and the said OTP password authorization means by means of the communication network 14.
  • the payee shall be due to obtain the initialization code using any means of communication, such as by e-mail, letter, facsimile, telephone, Internet, WAP network or SMS, entering this code manually in the mobile device.
  • the payee defines a personal numeric or alphanumeric password, that is also keyed in the mobile device upon being requested by the specific software application.
  • This data is processed by the mobile device in accordance with the instructions comprised in the specific software application, further combining unique data such as the date and time as well as, optionally, the number that identifies the processor chip of the said device, and there is thereby generated a registration code.
  • This code in addition to being stored in the memory of the mobile device 15, is transmitted to the OTP password authorization means 17 by a data transmission means using a radio communication link, a WAP connection or SMS.
  • the OTP password authorization means Upon receiving the said code, the OTP password authorization means generates, using software associated with the specific application, a verification code that is returned to the mobile device, such that the software application installed in the mobile device may be able to confirm the correct reception of the registration code by the OTP password authorization means.
  • OTPs single instance passwords
  • the said single-use password (OTP) may only be recognized by an OTP password authorization means 17 wherein the information of that device (15) were already previously registered.
  • Fig. 6 illustrates the system units activated during the performance of the credit utilization transaction by the payee, where the corresponding process is that which is shown in the flow diagram of Fig. 7.
  • the payee will receive a notification (dashed line in Fig. 6) regarding the existence of a certain amount sent by the payer.
  • the said notification can be transmitted using any means of communication, comprising the mobile device 15 itself, a fixed line telephone, a message sent via facsimile, etc.
  • the payee will proceed to the location where the credit is to be made available, which location may consist in an ATM 19, a teller desk at a bank or a credit institution, a point of sale terminal, etc. Subsequently, the payee accesses the authorization institution and requests a part or the whole amount of the credit, using the mobile device for that purpose. The institution responds to the request by checking whether the mobile device has been activated, and in the affirmative, requests a single-use password OTP. Otherwise, the institution requests the payee to activate his or her mobile device (Fig- 5).
  • the payee runs the specific software application in the mobile device 15, and during that operation the payee keys in his or her personal password.
  • the payee may also key in the amount of the transaction or other information pertaining thereto. Such information is used together with the data comprised in the registration code and other confidential information stored in the memory of the mobile device, in order that the software application may generate an OTP password that is displayed on the display screen of the said device.
  • this TOP password is valid for one sole transaction only, and should also be used within a certain delay.
  • the sending of the OTP password to the authorizing institution may be performed by keying the same in an ATM terminal, a terminal in a teller desk of a financial institution or a point of sale terminal, or yet by automatic transmission via a wireless link or by SMS. It should be pointed out that, although an OTP password transmitted via wireless link is subject to interception, it will not be able to be used by the interceptor, since as it is a single use password, the very event of reception thereof by the credit authorization institution blocks any subsequent attempt of reutilization thereof.
  • the authorization institution Upon receiving the OTP password, the authorization institution requests the respective credit authorization unit 18 to send the OTP password to the OTP authorization means 17 which determines the authenticity thereof, using the data comprised in the registration code stored in its memory.
  • this information is transmitted to the authorization unit 18 which releases the credit at the location where the same is to be made available, and the said credit may be used either entirely or partially. If there occurs an error in the sending of the OTP password to the authorization institution, the credit is not released, and this fact may be informed to the payee by means of a message displayed on the display means of the ATM or the terminal.
  • the system can be programmed to initiate one or several repetitions of this part of the process, or to block any new attempt to use the credit.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un système et un procédé pour transférer des crédits à l'aide d'un dispositif mobile, utilisant les ressources fournies par des réseaux de communication sans fil et les ressources de traitement présentes dans des dispositifs mobiles tel que des téléphones cellulaires, des ordinateurs de poche, des ordinateurs portatifs et des dispositifs similaires. Le système comprend une unité d'autorisation de crédit (18), un fournisseur (16) comprenant une mémoire capable de stocker au moins une application logicielle spécifique capable de générer des mots de passe à usage unique (OTP) ainsi que des moyens pour transférer ladite application logicielle à la mémoire d'un dispositif mobile (15) porté par un bénéficiaire, et aussi une unité d'authentification (17) de mot de passe à usage unique (OTP). Ledit dispositif mobile comprend des moyens pour traiter des programmes logiciels et des données, ainsi qu'une possibilité d'établir des liaisons de communication sans fil. Le procédé comprend le chargement dans ledit dispositif mobile (15) d'un logiciel capable de générer des mots de passe à usage unique (OTP) sur la base de données exclusives du bénéficiaire, ces données pouvant en outre comprendre la valeur du crédit utilisé et d'autres informations. Le crédit peut être utilisé à un endroit où le crédit doit être rendu disponible, comprenant un guichet automatique bancaire (ATM), un terminal de point de vente, un comptoir de caissier d'une institution financière ou similaire.
PCT/BR2008/000209 2007-07-19 2008-07-21 Système et procédé pour transférer des crédits à l'aide d'un dispositif mobile WO2009009852A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BRPI0703112-2 2007-07-19
BRPI0703112-2A BRPI0703112A2 (pt) 2007-07-19 2007-07-19 sistema e método para transferência de créditos com uso de dispositivo móvel

Publications (2)

Publication Number Publication Date
WO2009009852A2 true WO2009009852A2 (fr) 2009-01-22
WO2009009852A3 WO2009009852A3 (fr) 2009-11-12

Family

ID=40260115

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BR2008/000209 WO2009009852A2 (fr) 2007-07-19 2008-07-21 Système et procédé pour transférer des crédits à l'aide d'un dispositif mobile

Country Status (2)

Country Link
BR (1) BRPI0703112A2 (fr)
WO (1) WO2009009852A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010101476A1 (fr) 2009-03-02 2010-09-10 Encap As Procédé et programme informatique pour générer et vérifier un mot de passe à usage unique entre un serveur et un dispositif mobile utilisant plusieurs canaux
WO2016014125A1 (fr) 2014-07-21 2016-01-28 Ebay Inc. Retrait d'espèces sécurisé sans carte

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001031840A1 (fr) * 1999-10-29 2001-05-03 Nokia Corporation Procede et dispositif d'identification fiable d'un utilisateur dans un systeme informatique
US20030204725A1 (en) * 2002-04-26 2003-10-30 Masayuki Itoi Method and system for verifying identity
US20040139014A1 (en) * 2003-01-09 2004-07-15 Yuh-Shen Song Anti-fraud remote cash transaction system
US20060136739A1 (en) * 2004-12-18 2006-06-22 Christian Brock Method and apparatus for generating one-time password on hand-held mobile device
EP1772832A1 (fr) * 2004-07-30 2007-04-11 José Ignacio Bas Bayod Procede pour effectuer des transactions de paiement securisees, au moyen de telephones mobiles

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001031840A1 (fr) * 1999-10-29 2001-05-03 Nokia Corporation Procede et dispositif d'identification fiable d'un utilisateur dans un systeme informatique
US20030204725A1 (en) * 2002-04-26 2003-10-30 Masayuki Itoi Method and system for verifying identity
US20040139014A1 (en) * 2003-01-09 2004-07-15 Yuh-Shen Song Anti-fraud remote cash transaction system
EP1772832A1 (fr) * 2004-07-30 2007-04-11 José Ignacio Bas Bayod Procede pour effectuer des transactions de paiement securisees, au moyen de telephones mobiles
US20060136739A1 (en) * 2004-12-18 2006-06-22 Christian Brock Method and apparatus for generating one-time password on hand-held mobile device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010101476A1 (fr) 2009-03-02 2010-09-10 Encap As Procédé et programme informatique pour générer et vérifier un mot de passe à usage unique entre un serveur et un dispositif mobile utilisant plusieurs canaux
NO332479B1 (no) * 2009-03-02 2012-09-24 Encap As Fremgangsmåte og dataprogram for verifikasjon av engangspassord mellom tjener og mobil anordning med bruk av flere kanaler
WO2016014125A1 (fr) 2014-07-21 2016-01-28 Ebay Inc. Retrait d'espèces sécurisé sans carte
US9536240B2 (en) 2014-07-21 2017-01-03 Paypal, Inc. Secure cardless cash withdrawal
US10853778B2 (en) 2014-07-21 2020-12-01 Paypal, Inc. Secure cardless cash withdrawal

Also Published As

Publication number Publication date
BRPI0703112A2 (pt) 2009-07-21
WO2009009852A3 (fr) 2009-11-12

Similar Documents

Publication Publication Date Title
RU2698767C2 (ru) Обработка аутентификации удаленной переменной
CA2838655C (fr) Systeme et procede pour l'execution d'operations financieres a l'aide d'un dispositif mobile
US9699183B2 (en) Mutual authentication of a user and service provider
JP5241736B2 (ja) ショートメッセージを使用して通信端末を通じて認証を行うための方法及びシステム
CN111357025A (zh) 安全qr码服务
MX2011002067A (es) Sistema y metodo de transacciones de pago seguras.
ZA200407610B (en) System and method for secure credit and debit card transactions.
US20120303527A1 (en) Process and host and computer system for card-free authentication
EP2171661A2 (fr) Procédé et système pour le paiement simple et sûr au moyen d'un terminal mobile
WO2004049621A1 (fr) Systeme d'authentification et d'identification et transactions utilisant un tel systeme d'authentification et d'identification
WO2008015637A2 (fr) Procédé et système de paiement mobile
KR20070097874A (ko) 이동통신 단말기를 이용하는 직불결제 서비스 시스템
WO2008052592A1 (fr) Utilisation en toute sécurité des cartes bancaires et système associé
KR20080022828A (ko) 금융상품 가입 처리방법
KR20080009242A (ko) 이동통신 단말기를 이용하는 직불결제 서비스 시스템
WO2009009852A2 (fr) Système et procédé pour transférer des crédits à l'aide d'un dispositif mobile
TWM637453U (zh) 基於晶片金融卡的fido身分驗證系統
JP7461241B2 (ja) 顧客情報管理サーバ及び顧客情報の管理方法
WO2005109998A2 (fr) Systeme de facturation pour commandes par telephone, et procede associe
KR20170077459A (ko) 금융 서비스 제공 시스템 및 금융 서비스 제공 방법
KR20050010606A (ko) 서비스 등록정보의 도용방지방법 및 그 시스템
KR101008933B1 (ko) 폰빌 신용등급 기반 소액대출을 이용한 지불결제 처리방법및 시스템
RU2351984C2 (ru) Способ снятия денежных средств из банкомата без использования пластиковой карты посредством платежного поручения через службу смс
AU2016259435A1 (en) A system and method for facilitating finacial transactions
KR20090115086A (ko) 휴대폰간 이체 수수료 처리 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08783103

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08783103

Country of ref document: EP

Kind code of ref document: A2