WO2009108066A1 - Procédé et agencement pour des transactions sécurisées - Google Patents

Procédé et agencement pour des transactions sécurisées Download PDF

Info

Publication number
WO2009108066A1
WO2009108066A1 PCT/NO2009/000067 NO2009000067W WO2009108066A1 WO 2009108066 A1 WO2009108066 A1 WO 2009108066A1 NO 2009000067 W NO2009000067 W NO 2009000067W WO 2009108066 A1 WO2009108066 A1 WO 2009108066A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
credit card
service provider
receiving party
users
Prior art date
Application number
PCT/NO2009/000067
Other languages
English (en)
Inventor
Johannes H Cloosterman
Gilles Assaf
Original Assignee
Johannes H Cloosterman
Gilles Assaf
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Johannes H Cloosterman, Gilles Assaf filed Critical Johannes H Cloosterman
Publication of WO2009108066A1 publication Critical patent/WO2009108066A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/305Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wired telephone networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • the present invention relates to a method for a first time registration at a service provider, a method for subsequent use and an arrangement utilising said method for secure transactions utilising telephone.
  • the secure communication device includes a host processor, a secure memory that includes a laser-scribed encryption key, a non secure memory for storing encrypted data.
  • a users ' sensitive data is encrypted within the secure memory using the laser-scribed encryption key and stored as encrypted data in the non-secure memory.
  • An encrypted credit card number and an encrypted secret key is retrieved from the non-secure memory, the encrypted credit card and secret key are decrypted with the laser-scribed encryption key, the credit card number is encrypted with a session key, and the encrypted credit card number is transferred over the network to a destination such as an internet vendor.
  • the GB 2 438 284 A teaches how to use biometric voice data to authenticate persons, i.e. map a known voice with a corresponding credit card to be used at a specified user account.
  • biometric voice data i.e. map a known voice with a corresponding credit card to be used at a specified user account.
  • a merchant has to apply either in a written application or over internet to create an account.
  • the teaching of the document is directed towards professional users such as merchants, hence the registration process is to cumbersome and further includes unnecessary information.
  • the problems indicated above is met by a method for first time registration at a service provider for a first user where the first user has a telephone and at least a credit card.
  • the method comprises the steps of: a) The first user calls a service number provided by the service provider from his telephone. b) Receiving at the service provider a call from the first user. c) At the receiving party or on behalf of the receiving party performing an ID check of the users' ID-number d) The receiving party establishes the ID-number as a users' number. e) The receiving party invites the user to submit his credit card number. f) The user submits his credit card number. g) The receiving party receives the credit card number from the user.
  • the receiving party executes a verification check of the received credit card number or is provided with a verification of the received credit card number. If the check turns out to be OK then; the service provider will initiate an encryption algorithm where the credit card number is used as an entry number to the encryption algorithm and the output of the encryption algorithm is an alias number representing the credit card number which is mapped to the user number, or if the check reveals that something is wrong with the credit card number the service provider will reject the user.
  • a method for subsequent use of the service from a service provider for a first user where the first user has a telephone, at least a credit card, and is registered as a user at the service provider and where the method comprises the steps of: a) The first user calls a service number at the service provider from his telephone. b) Receiving at the service provider a call from the first user. c) At the receiving party or on behalf of the receiving party performing an ID check of the users' ID-number. d) If the check indicates that the calling party is registered at the receiving party then provide a requested service to the calling party.
  • an arrangement for first time registration at a service provider for a first user where the first user has a telephone and at least a credit card and where the arrangement at least comprises the following means, means for establishing a call from the first user to a number provided by the service provider from the users telephone, means for performing an ID check of the users' ID-number at the receiving party or means for performing an ID check of the users' ID-number on behalf of the receiving party, means configured to establish the ID-number as a users' number at the receiving party, means configured to execute a verification check or verification of a received credit card number at the receiving party or at credit card company and means configured to initiate an encryption algorithm where the credit card number is used as an entry number to the encryption algorithm and means configured to output an alias number from the encryption algorithm representing the credit card number which is mapped with the user number.
  • the user enters charge card, debit card, payment card credit card or bank account information manually and/or orally using his telephone.
  • the provider of the processing and payment service checks if charge card, debit card, payment card credit card and/or bank account information from the user is valid. If the users' charge card, debit card, payment card credit card and/or bank account is valid then the provider of the processing and payment service is tagging the charge card, debit card, payment card credit card and/or bank account with a unique serial number and/or the users' voice and ID-number, are mapped and stored in database.
  • the provider of the processing and payment service blacklists and/or blocks the users charge card, debit card, payment card credit card and/or bank account in the provisioning of the processing and payment services system after a predefined number of attempts. f) If the users' charge card, debit card, payment card credit card and/or bank account were valid then the provider of the processing and payment service requests the user to authorize for a single transaction or multiple transactions.
  • the wording telephone or telephone terminal is explicitly mentioned in the following, it is to be interpreted as any known telephone device that has a kind of keyboard facilitating input of numbers and further where the entered numbers are given unambiguous meanings, i.e. the numbers can be verified and understood by a receiving party. This will then include both mobile phones and landline phones.
  • the wording user shall be interpreted in its widest sense as any party, being a single person or a group of persons that tries to use or uses one or more services according to the present invention. In practice the user will normally be a calling party and if accepted he or them will be a customer. The word user may be used interchangeably with the word calling party.
  • the wording credit card is used for ease of understanding and to increase readability and any type of credit cards, bonus cards, debit cards, "plastic cards", customer cards, charge cards, payment cards, bank account, customer account or subscription account shall be included in the definition of credit card if nothing else is explicitly indicated. Consequently, the wording credit card number shall be interpreted in the same broad sense that is credit card number includes credit card numbers, bonus card numbers, debit card numbers, "plastic card numbers”, customer card numbers, charge card numbers, payment card numbers, bank account numbers, customer account numbers or subscription account numbers. Any person skilled in the art will realise that some of the steps for verification of correctness of credit cards may be superfluous for bank accounts, debit cards, charge cards etc.
  • wording service provider is written it shall be interpreted as any provider of services or goods that utilizes a method or arrangement according to the present invention.
  • the wording service provider may be interchanged with the wording receiving party wherever the use of the wording receiving party is more natural.
  • a service provider may provide services on a "real time basis" such as telephone and/or data services or parking services which both necessitates particular solutions due to their nature of real time use and "payment for used amount".
  • a service provider according to the present invention may also provide any type of goods that can be delivered to a customer/user or any type of consultant services.
  • Typical services can be, but is not limited to, medical services such as telephone consultancy, travel services, hotel bookings, air ticket bookings, event bookings, rent of cars, data and telephony services, bank and finance advisory, insurance consultancy, supply of goods such as brown goods, white goods, data equipment etc.
  • medical services such as telephone consultancy, travel services, hotel bookings, air ticket bookings, event bookings, rent of cars, data and telephony services, bank and finance advisory, insurance consultancy, supply of goods such as brown goods, white goods, data equipment etc.
  • A-number, telephone number, SIM, IMSI, IMEI number, device's MAC number (for example; 00:01 :E3:B0:C4:C6), in the context of this invention is to be interpreted as an A-number and/or SIM and/or IMSI and/or IMEI number in its traditional meaning as well as any number that unambiguously indicates the number of the calling party to the called party i.e. the service provider.
  • the wording ID number may also be used in place of A-number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number.
  • the A- number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number may also be used as a customer/user number in the context of the present invention.
  • Authenticating authority in the context of the present invention shall be interpreted as any person, tool or authority that is considered as a trusted party by a service provider according to the present invention for authenticating the originator of one or more voice stamps.
  • the wording check or checking shall be interpreted generically so as to include the meaning of the words verify or verification in addition to its normal literal meaning.
  • Different services may require different levels of security for the user, cheap services such as parking services on a real time basis or telephone services may not require a high degree of security, whereas services that deal with transfer of valuable goods, services or money transfers may require the highest degree of security.
  • the present invention may be adopted to suit any of these security levels in that it is disclosed a payment processing method, solely using mobile/cell or landline -phones incorporating a choice of multi level security, operating independently from credit card processors and credit card issuers, debit card companies and/or banks.
  • the services according to the present invention is a method and arrangement that facilitates use of credit cards for a person having access to a telephone fig 1.
  • the user may use the service by calling a service number; input his credit card details, where the service provider checks the credit card and the ID-number (A-number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number). The user will then be rejected or accepted. If he is accepted he may then start to use the services provided by the service provider.
  • the service provider may request a voice stamp from the user and in its most secure version the method and arrangement according of the present invention may include that a user delivers a voice stamp with a witness present.
  • the witness may be a notary publicus, a bank officer, a lawyer or any other witness or tool trusted by the service provider such as an automatic code generator.
  • One object according to the present invention is to make available safe, single micro payment purchases as well as larger payment transactions for purchase of products or services, using a credit card or bank account through voice instructions using a phone.
  • the invention significantly surpasses existing security measurements from established credit card collecting and issuing organizations, including banks.
  • A- Number ID i.e. user phone number/country code, and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number original country of issue and/or SIM and/or IMSI and/or IMEI, and/or device's MAC number as well original country of issue of credit card or bank organization (ISO code) and making a voice stamp verification. All these parameters must match the user ' ID-number (A-number ID and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number) of the respective country.
  • the stolen credit card in questions is not only blocked, but the problems are tackled at its roots, it may permanently block the perpetrator as well as the perpetrators phone number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number from entering and/or using other credit cards and/or accounts not yet reported stolen and/or abused.
  • the system can send automatic email response to money processing organizations informing of the fraud attempt in progress including the phone number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number of the perpetrator. This chain of measurements virtually eliminates repeated misuse from acknowledged perpetrators and discourages fraud at the outset.
  • 02.02 18: 13:02 Approving ID-number i. e. A-nr/Caller ID Country calling from and/or SIM and/or IMSI and/or IMEI number and its country code ID , and/or device's MAC number ⁇
  • the first step takes place at 18:13:02 and the final step takes place at 18:14:27, thus the first time registration may be swift and efficient.
  • the first time registration may be swift and efficient.
  • one may encounter different scenarios for a first time user, subsequent use, change of credit card details, change of ID-number and deletions of user data.
  • a user calls a service number from a telephone.
  • the service provider receives the call from the calling party.
  • the service provider performs checks/verification of the calling party's ID, i.e. ID-number (telephone number, A-number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number).
  • ID-number telephone number, A-number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number
  • the check is executed by accessing a database that includes tables of number configurations and associated countries as well as a table of registered users; however the latter is not of current interest since it is a first time registration.
  • the service provider is then provided with originating country and the information further enables the service provider to store the calling party's ID-number as a User number/customer number in a data base. If the checks turn out to reveal inconsistent parameters, the user may receive appropriate information. This information may include an invitation to call back or
  • the calling party may be invited to choose a preferred language or state his/her name, country of residence, prior to further continuation.
  • the result of the optional language choice can be stored in a register that associates the language with the calling party's user number/customer number. This can be a first step of creating a user profile for the calling party at the service provider.
  • the user provides the choice of language to the service provider either as a key in choice on his keyboard and/or orally if the service provider is equipped with voice recognition tools.
  • the next step may comprise an invitation from the service provider to the user to submit his credit card number (i.e. credit card number includes credit card numbers, bonus card numbers, debit card numbers, "plastic card numbers", customer card numbers, charge card numbers, payment card numbers, bank account numbers, customer account numbers or subscription account numbers).
  • credit card number includes credit card numbers, bonus card numbers, debit card numbers, "plastic card numbers", customer card numbers, charge card numbers, payment card numbers, bank account numbers, customer account numbers or subscription account numbers).
  • the service provider While the calling party enters his credit card number the service provider will forward the credit card number, preferably substantially in real time, to a credit card company or to a data base for verification. Further the calling party will be instructed to enter expiry dates, if existent, and optionally one or more security codes such as CVC codes. All the recorded data will be checked against tables that comprises appropriate data/credit card information. If the check reveals that the credit card user has entered wrong digits or other information, he will be invited to re-enter the number for a predefined number of times, for example three times. If there still is a mismatch after three times the service provider will initiate appropriate actions.
  • actions may include terminating the call; it may be to inform a credit card company or any other third party to whom it may concern, or it may simply be to inform the calling party that the session will be terminated and that he will be invited to call back or forward to helpdesk.
  • the service provider may use the provided information, that is, the user ID and the "wrongly entered" number as information for future use.
  • the service provider may store this information; the user will then have a user number/customer number associated with an invalid card.
  • the card turns out to be blocked due to misuse, a number of actions may be initiated.
  • the session with the calling party will obviously be terminated with or without an information message from the service provider.
  • the service provider will preferably map user information with credit card details in his register. The service provider may then use the mapped information for blocking the user for future use for a predefined period of time. If such registration does not take place the service provider will nevertheless, detect future attempts of misuse of blocked credit cards by the checks indicated above.
  • the service provider may provide relevant credit card company with user number and/or the number of the credit card.
  • the service provider may also inform governmental institutions such as police about the attempt to misuse the credit card.
  • the service provider will preferably encrypt, or, in some other way, transform the credit card number to a serial number.
  • the serial number will then be mapped to the associated user number in a register accessible to the service provider.
  • the number transformation is an important security feature that ensures that any association between mapped personal information and credit card information is inaccessible to a hostile attacker/ a hacker.
  • the step of transformation may take place at this step in the registration procedure or in a previous or subsequent step; the importance of all this is to avoid storing real credit card numbers and particularly to store real credit card numbers associated to real persons.
  • a user calls a service number from a telephone.
  • the service provider receives the call from the calling party.
  • the service provider performs checks/verification of the calling party's ID, i.e. ID-number (telephone number, A-number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number).
  • ID-number telephone number, A-number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number
  • the check is executed by accessing a customer/user-register using the information inherent in the callers ID- number.
  • the service provider is then provided with originating country. If the checks turn out to reveal that something is wrong, the user may receive appropriate information. This information may include an invitation to call back or forward to helpdesk.
  • the next step may comprise an invitation from the service provider to the user to submit his credit card number.
  • the user may be invited to use his previously registered credit card details.
  • the user may respond to the invitation to approve use of his registered card by entering a predefined keyboard combination and/or user specific keyboard combination.
  • the service provider will forward the credit card number, or more precisely, preferably the serial number linked to the credit card number, preferably substantially in real time, to a credit card company or to a data base for verification and possibly for a reservation of an amount. If the check reveals that the credit card user has entered wrong keyboard combination he will be invited to re- enter the keyboard combination for a predefined number of times, for example three times. If there still is a mismatch after three times the service provider will initiate appropriate actions.
  • actions may include to terminate the call; it may be to inform a credit card company or any other third party to whom it may concern or it may simply be to inform the calling party that the session will be terminated and that he will be invited to call back, alternatively to call back or, to forward to a service-desk/help- desk to sort out the problems.
  • the user may simply have forgotten his user specific code.
  • the service provider may use the provided information, that is, the user ID-number and the "wrong entered" number as information for future use.
  • Such "use per time” or usage services may include, but are not limited to “telephony services, parking services, consultant services” among others.
  • telephony- or other telecom- service a scenario may be as follows:
  • the service provider will be able to initiate certain counter actions. It is obvious to the person skilled in the art that some of these actions may include those described in the previous section of first time registration. If the card turns out to be invalid the calling party will be informed and the requested services will not be delivered by the service provider. Further the service provider may store this information; the user will then have a user number/customer number (ID-number) associated with an invalid card. If the card turns out to be blocked due to misuse a number of actions may be initiated. The session with the calling party will obviously be terminated with or without an information message from the service provider. The service provider will preferably map user information with credit card details in his register. The service provider may then use the mapped information for blocking the user for future use and or blocking use of the credit card for a predefined period of time.
  • the level of security was not optimal.
  • the smartness of the second mode as compared to the first mode is the use of voice stamp for verification of a link between a person and a credit card. Further, use of voice stamp will facilitate some procedures for a method and arrangement for secure transactions. A basic idea behind this mode is that a user more often has access to telephones than to computers, further having access to a phone facilitates use of voice stamp as compared to computers.
  • the steps for a first time registration may include the following steps;
  • a user calls a service number from a telephone.
  • the service provider receives the call from the calling party.
  • the service provider performs checks/verification of the calling party's ID, i.e. ID-number.
  • the check is executed by accessing a database that includes tables of number configurations and associated countries as well as a table of registered users; however the latter is not of current interest since it is a first time registration.
  • the service provider is then provided with originating country and the information further enables the service provider to store the calling party's ID i.e. his ID-number as a User number/customer number in a data base. If the checks turn out to reveal that something is wrong, the user may receive appropriate information. This information may include an invitation to call back or forward to helpdesk.
  • the calling party may be invited to choose a preferred language for further prosecution.
  • the result of the optional language choice can be stored in a register that associates the language with the calling party's user number/customer number and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number. This can be a first step of creating a user profile for the calling party at the service provider.
  • the user provides the choice of language to the service provider either as a key in choice on his keyboard and/or orally.
  • the orally delivered choice may be used as a voice stamp for the user.
  • the service provider may invite the calling party to indicate his choice of language by giving him a number of choices and asking him to clearly speak out his choice, e.g. Dutch, French etc. This step may be swapped in the different steps for registering a credit card.
  • the next step may comprise an invitation from the service provider to the user to submit his credit card number.
  • the user will respond by entering his credit card number using his telephone keyboard and or by spelling it out orally.
  • the service provider While the calling party enters his credit card number the service provider will forward the credit card number, preferably substantially in real time, to a credit card company or to a data base for verification. Further, the calling party will be instructed to enter expiry dates, if existent, and optionally one or more security codes such as CVC codes. All the recorded data will be checked against tables that comprises appropriate data/credit card information. If the check reveals that the credit card user has entered wrong digits he will be invited to re-enter the numbers for a predefined number of times, for example three times. If there still is a mismatch after three times the service provider will initiate appropriate actions.
  • actions may include terminating the call; it may be to inform a credit card company or any other third party to whom it may concern or, it may simply be to inform the calling party that the session will be terminated and that he will be invited to call back or forward to helpdesk.
  • the service provider may use the provided information, that is, the users' ID-number and the "wrongly entered" number as information for future use.
  • the card turns out to be blocked due to misuse a number of actions may be initiated.
  • the session with the calling party will obviously be terminated with or without an information message from the service provider.
  • the service provider will preferably map user information with credit card details in his register. The service provider may then use the mapped information for blocking the user for future use for a predefined period of time. If such registration does not take place the service provider will nevertheless, detect future attempt(s) misusing blocked credit cards by the checks indicated above. Additionally the service provider may provide the relevant credit card company with user ID-number and/or the number of the credit card. Moreover, the service provider may also inform governmental institutions such as police about the attempt to misuse the credit card.
  • the service provider will preferably encrypt or in some other way transform the credit card number to a serial number.
  • the serial number will then be mapped to the associated user number and the voice stamp in a register accessible to the service provider.
  • the transformation algorithm used in this second mode for carrying out the invention may be the same as the one used in the first mode for carrying out the invention.
  • the steps indicated in this mode of the invention ensure a higher level of security for a user than the first mode.
  • the connection between a credit card and a voice is secure, however, there is no explicit verification of the identity of the user, that is, it is not verified that the voice stamp belongs to the identity the user passes on.
  • the level of security is "one" step above the first mode of the invention. Furthermore, he will realise that misuse of an established customer relationship will be very difficult.
  • a user calls a service number from a telephone.
  • the service provider receives the call from the calling party.
  • the service provider performs checks/verification of the calling party's ID, i.e. ID-number .
  • the check is executed by accessing a customer/user-register using the information inherent in the callers ID-number .
  • the service provider is then provided with originating country. If the checks turn out to reveal that something is wrong, the user may receive appropriate information. This information may include an invitation to call back or forward to helpdesk.
  • the next step may comprise an invitation from the service provider to the user to submit his credit card number.
  • the user may be invited to use his previously registered credit card.
  • the user may respond to the invitation to use his registered card by entering a predefined keyboard combination and/or user specific keyboard combination or by orally indicating so.
  • the service provider may proceed by taking for granted that the previous registered credit card is the default card for use.
  • the step includes an oral response from the customer, the service provider may use this oral response as verification for the connection between the user - voice stamp - credit card.
  • this step includes; providing a voice stamp from the user, a random PIN code, voice instructed by the service provider, must be repeated and/or entered by the user.
  • the method checks and verifies; a) the voice-stamp with the called caller ID, and/or b) the originally registered caller ID and voice-stamp. c) the voice-stamp with the called caller ID and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number. d) the originally registered caller ID and voice-stamp and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number.
  • the service provider will forward the credit card number or more precisely, preferably the serial number linked to the credit card number, preferably substantially in real time, to a credit card company or to a data base for verification and possibly for a reservation of an amount.
  • the user submits a voice sample in place of user defined keyboard combinations, hence this will make the steps of re-entering codes superfluous. Nonetheless the voice sample will be used as a search entry for search through a customer register. If the search reveals that the credit card user has delivered a wrong voice sample he may be invited to deliver a new voice sample for a predefined number of times, for example three times. It should however be noted that it is very rare that a voice sample delivered from an identified person does not correspond to his registered voice stamp. Hence redelivering of voice samples is therefore unlikely and the option of redelivering may be omitted. If there still is a mismatch the service provider will initiate appropriate actions.
  • actions may include to terminate the call or service; it may be to inform a credit card company or any other third party to whom it may concern or, it may simply be to inform the calling party that the session will be terminated and that he will be invited to call back, alternatively, forward to a service-desk/help-desk to sort out the problems.
  • the service provider may use the provided information, that is, the user ID i.e. ID-number and the "wrong delivered" voice sample as information for future use.
  • a preset amount of money may be reserved dependent on the service ordered, provided that acceptance where given by the appropriate instances such as credit card companies.
  • the service is opened to the user. The following steps will be similar to those described for the first mode for carrying out the invention.
  • the level of security was not at a maximum for all types of use, even though it was higher than what is common from e-commerce.
  • the smartness of the third mode as compared with the previous mode is the use of an authenticating authority that will authenticate that a voice stamp belongs to the right person.
  • the difference between the second mode for carrying out the invention and the third mode for carrying out the invention lies in the first time registration process. This third mode of the invention renders it almost impossible to misuse a credit card by a person not being the rightful owner of said credit card.
  • the step may include the following, the user wants to take advantage of a very secure service according to this third mode of the invention, he will then contact a service provider and be instructed to consult a particular office or one or more particular persons. He will further be instructed to bring along accepted identity papers such as passport. At the authenticating office he will be asked to identify himself, thereafter to deliver a voice stamp under witness of at least one person trusted by the service provider. According to one aspect of the invention this trusted person or persons may be trusted by a central or official authority hence giving the voice stamp a very official status.
  • a library of voice stamps can be stored in a secure database.
  • the main purpose according to the third mode in order to carry out the invention is, to make sure that the person who addresses services according to the present invention incorporating secure transactions, is to verify the person he claims to be. Provided that the registration process under witness and with the ID cards is trustworthy, the connection between voice stamp and identity is a 100 percent full-proof.
  • the user may call a service number in the same way as for the first time registration under the second mode for carrying out the invention.
  • the service provider may copy a sample of the voice stamp to his own register or he may access the database comprising the voice stamp each time a person delivers a voice sample.
  • the user will have an "account" similar to the one for the second mode. The only difference is that the user's identity is positively verified and further one may instead of storing voice samples only store a link/pointer to the users authenticated voice stamp.
  • Subsequent use after a first time registration at a service provider and after having registered a voice stamp at a trusted authority is very similar to the use indicated for the second mode.
  • the only difference may be that the voice stamp is optionally stored at a remote/central database, hence in stead of accessing a local voice stamp for comparison between a delivered voice sample and a voice stamp the service provider may have to provide the voice stamp to the remote/central database for comparison or the remote/central database provides the service provider with the appropriate voice stamps on requests.
  • the arrangement and method for secure transaction may as indicated above, accept or reject a user prior to entering the system.
  • selective caller identification i.e. ID-number (A-number or caller ID and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number)
  • countries being allowed or not allowed are filtered by accepting or rejecting callers ID-number (caller ID and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number).
  • callers ID-number caller ID and/or SIM and/or IMSI and/or IMEI number, and/or device's MAC number
  • the rejected caller will receive a voice message, informing of the reject and subsequent blocking, both, in the callers original language and in English. Consecutive call attempts from the rejected caller to enter the system result in busy signals.
  • ID-numbers give extra advantages as compared with traditional services for e-commerce, because, after a user has entered his credit card information, his ID-number, from the calling country, may be compared to the original country of issue of the credit card or bank account. Thereafter, either accepting a transaction for further processing or rejecting. For example; the method determines whether a Norway issued credit card and/or bank account may be used in or for one or more transactions with or to Nigeria, or vice versa. Likewise, the method may block and/or put on hold transfer from a bank account to certain countries and send an email and/or text message such as SMS warning prior to and/or after transfer.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un procédé et un agencement destinés à un paiement et à un traitement de paiement hautement sécurisés, à l'aide d'une carte de crédit ou d'un compte bancaire. Le procédé et l'agencement permettent de commander un enregistrement pour utiliser un paiement et traiter un système de paiement à l'aide d'une carte de facturation, d'une carte de débit, d'une carte de paiement, d'une carte de crédit et/ou d'un compte bancaire, un utilisateur utilisant un téléphone mobile/téléphone cellulaire, ou un téléphone fixe, pour appeler un numéro de service particulier ou un numéro d'accès attribué hébergé par le fournisseur du service de traitement et de paiement.
PCT/NO2009/000067 2008-02-29 2009-02-26 Procédé et agencement pour des transactions sécurisées WO2009108066A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20081076 2008-02-29
NO20081076 2008-02-29

Publications (1)

Publication Number Publication Date
WO2009108066A1 true WO2009108066A1 (fr) 2009-09-03

Family

ID=40662985

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2009/000067 WO2009108066A1 (fr) 2008-02-29 2009-02-26 Procédé et agencement pour des transactions sécurisées

Country Status (1)

Country Link
WO (1) WO2009108066A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109840757A (zh) * 2018-12-13 2019-06-04 深圳市佰仟金融服务有限公司 一种还款方法及还款管理设备
CN109978602A (zh) * 2019-02-27 2019-07-05 许灵辉 一种劳务服务系统
US11321689B2 (en) 2019-10-14 2022-05-03 Mastercard International Incorporated System and method for securely transacting over a landline

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5371797A (en) * 1993-01-19 1994-12-06 Bellsouth Corporation Secure electronic funds transfer from telephone or unsecured terminal
JP2002216181A (ja) 2001-01-22 2002-08-02 Nippon Signal Co Ltd:The 施設利用システム
US20020152178A1 (en) 2001-04-12 2002-10-17 M-Commerce Co., Ltd. Credit card transaction authentication system and method using mobile terminal
US6996547B1 (en) 2000-09-27 2006-02-07 Motorola, Inc. Method for purchasing items over a non-secure communication channel
EP1708473A1 (fr) * 2004-01-20 2006-10-04 Kamfu Wong Systeme comptable informatique dote d'un verrou, concu pour etre utilise dans une banque, et procede correspondant mis en oeuvre pour un paiement securise par telephone
US20060224508A1 (en) * 2005-04-05 2006-10-05 Fietz Guy D Online debit cardless debit transaction system and method
US7127427B1 (en) * 1999-10-05 2006-10-24 Andrew Casper Secure transaction processing system and method
US20070174186A1 (en) * 2004-03-18 2007-07-26 Sean Hokland Authenticated and distributed transaction processing
GB2438284A (en) 2006-05-11 2007-11-21 Jonathan Nicolas Ogden Payment authorisation using voice biometric

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5371797A (en) * 1993-01-19 1994-12-06 Bellsouth Corporation Secure electronic funds transfer from telephone or unsecured terminal
US7127427B1 (en) * 1999-10-05 2006-10-24 Andrew Casper Secure transaction processing system and method
US6996547B1 (en) 2000-09-27 2006-02-07 Motorola, Inc. Method for purchasing items over a non-secure communication channel
JP2002216181A (ja) 2001-01-22 2002-08-02 Nippon Signal Co Ltd:The 施設利用システム
US20020152178A1 (en) 2001-04-12 2002-10-17 M-Commerce Co., Ltd. Credit card transaction authentication system and method using mobile terminal
EP1708473A1 (fr) * 2004-01-20 2006-10-04 Kamfu Wong Systeme comptable informatique dote d'un verrou, concu pour etre utilise dans une banque, et procede correspondant mis en oeuvre pour un paiement securise par telephone
US20070174186A1 (en) * 2004-03-18 2007-07-26 Sean Hokland Authenticated and distributed transaction processing
US20060224508A1 (en) * 2005-04-05 2006-10-05 Fietz Guy D Online debit cardless debit transaction system and method
GB2438284A (en) 2006-05-11 2007-11-21 Jonathan Nicolas Ogden Payment authorisation using voice biometric

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109840757A (zh) * 2018-12-13 2019-06-04 深圳市佰仟金融服务有限公司 一种还款方法及还款管理设备
CN109978602A (zh) * 2019-02-27 2019-07-05 许灵辉 一种劳务服务系统
US11321689B2 (en) 2019-10-14 2022-05-03 Mastercard International Incorporated System and method for securely transacting over a landline

Similar Documents

Publication Publication Date Title
US9870453B2 (en) Direct authentication system and method via trusted authenticators
CA2662033C (fr) Systeme et procede d'autorisation de transaction
US8407112B2 (en) Transaction authorisation system and method
US7360694B2 (en) System and method for secure telephone and computer transactions using voice authentication
US20060106699A1 (en) System and method for conducting secure commercial order transactions
US20060173776A1 (en) A Method of Authentication
MX2011002067A (es) Sistema y metodo de transacciones de pago seguras.
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
US20100179906A1 (en) Payment authorization method and apparatus
US20090150248A1 (en) System for enhancing payment security, method thereof and payment center
JP2006073022A (ja) 私的で安全な金融取引システム及び方法
KR101002010B1 (ko) 스마트 카드를 이용한 결제 시스템 및 그 방법
US20180183805A1 (en) System and method of authorization of simple, sequential and parallel requests with means of authorization through previously defined parameters
KR20010087564A (ko) 개인 휴대단말기를 이용한 사용자 인증 처리 시스템 및 그방법
US20020078360A1 (en) Method of conducting transactions
WO2009108066A1 (fr) Procédé et agencement pour des transactions sécurisées
KR100818793B1 (ko) 전화를 이용한 오토콜시스템 및 그 시스템을 이용한금융거래방법
GB2476054A (en) Voice authentication of bill payment transactions
GB2438284A (en) Payment authorisation using voice biometric
KR20000024353A (ko) 다수의 가입자 카드 또는 식별 도구 사용을 단일화 하기위한 방법 및 그 처리 체계
Sharma et al. Secure branchless banking
JP2001243391A (ja) クレジットカード決済システム
RU2256216C2 (ru) Система оплаты услуг в телекоммуникационной сети
KR20040068445A (ko) 휴대폰 승인번호를 이용한 신용/현금 카드 사용승인 처리방법 및 시스템
WO2006055002A1 (fr) Systeme et procede d'execution de transactions commerciales securisees

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09714059

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09714059

Country of ref document: EP

Kind code of ref document: A1