WO2010140970A1 - Method for performing secure transactions - Google Patents

Method for performing secure transactions

Info

Publication number
WO2010140970A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
predefined
identity
server
unique
Prior art date
Application number
PCT/SE2010/050614
Other languages
English (en)
Inventor
Stefan Hultberg
Magnus Westling
Original Assignee
Accumulate Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed: https://patents.darts-ip.com/?family=43243857&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=WO2010140970(A1) ("Global patent litigation dataset" by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.)
Application filed by Accumulate Ab
Priority to EP10783667.8A (EP2438560A4)
Priority to CN2010800244720A (CN102460491A)
Publication of WO2010140970A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326 Payment applications installed on the mobile devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227 Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices

Definitions

  • the present invention relates generally to transactions, and particularly to secure transactions utilizing a portable radio communication device, such as a mobile phone, personal digital assistant, portable computer or similar.
  • An object of the present invention is thus to provide secure transactions for portable radio communication devices.
  • a secure transaction is achieved.
  • the transaction identity is kept unique only during a specific transaction, whereby the necessary amount of transaction identities can be kept very low at the predefined transaction server, being limited only by the handling of parallel transactions at the predefined transaction server.
  • the unique transaction identity is preferably created by the predefined transaction server upon request from the first transaction part, which provides for an assured solution for the first transaction part.
  • the transaction identity is created by the second transaction part, which facilitates the transaction for the first transaction part.
  • a predefined transaction identity is preferably used for e.g. Internet bank login.
  • the verification is preferably performed by entering a personal identification number (PIN) in the portable radio communication device, which PIN is selected during installation of user transaction software.
  • Fig. 1 schematically shows communication between transaction parts according to an embodiment of the present invention.
  • Fig. 2 schematically shows communication between a plurality of transaction parts according to an embodiment of the present invention.
  • Fig. 3 schematically shows the steps of a method for secure transactions according to an embodiment of the present invention.
  • the first step is to install 1 a user transaction software in a portable communication device 10 of a first transaction part in a secure way, wherein a user is identified in a secure way and tied to the installation.
  • One secure way is to, at e.g. a bank office or other known part, install the user transaction software in the portable radio communication device of the first transaction part or give a memory card or similar device having an installation program for the first transaction part thereon.
  • the identity of the owner of the portable radio communication device is checked in connection with the installation or delivery of the user transaction software. Instead of checking the identity directly at a bank office or other known part, e.g. a registered letter sent to the intended user can be used to verify the identity of the intended user.
  • the user transaction software is connected to an account at the bank or other part, such as a credit card account, a user account, an electronic wallet, etc.
  • Another secure way to install the user transaction software is to, at e.g. an authenticated Internet bank office or similar part, through a secure connection, e.g. a https connection, install the user transaction software in the portable radio communication device of the first transaction part.
  • the identity of the owner of the portable radio communication device is checked in connection with the installation through e.g. PIN.
  • the user transaction software is connected to an account at the bank or other part, such as a credit card account, a user account, an electronic wallet, etc.
  • the user transaction software is arranged to communicate with a predefined transaction server 12, of a plurality of transaction servers, when secure transactions are performed.
  • Information of which account a user transaction software is connected to can be predefined directly at the predefined transaction server or be accessed by the predefined transaction server from the first transaction part whenever a transaction is to take place. Account balance and similar checks are preferably performed prior to any finalization of a transaction.
  • a mobile phone number is preferably given to the distribution site, which in response thereto sends a text message, such as an SMS with a download URL, to that mobile phone number, i.e. a so-called over the air installation (OTA installation).
  • the user transaction software is installed in the mobile phone.
  • an activation code given by the distribution site is entered.
  • a PIN is also required to be entered to run the application.
  • the transaction comprises the following steps.
  • the user of the portable radio communication device i.e. the first transaction part, selects a "transaction" section of the user transaction software to connect the first transaction part to the predefined transaction server.
  • the first transaction part 10 activates itself, through an encoded/encrypted wireless communication, on the predefined transaction server 12, which predefined transaction server 12 thereby puts the first transaction part 10 in an active transaction state on the predefined transaction server 12.
  • the first transaction part 10 preferably stays in the active transaction state on the predefined transaction server 12 until the first transaction part 10 requests a non-active transaction state.
  • the first transaction part 10 will be put into a non-active transaction state by the predefined transaction server 12 after a time-out.
  • the predefined transaction server 12 could also put the first transaction part 10 in a non-active state after finalization of a transaction.
  • the first transaction part thereafter initiates the transaction by requesting 2, through an encoded/encrypted wireless communication, a transaction identity of the predefined transaction server.
  • the wireless communication can e.g. be performed through GPRS, 3G data, Wi-Fi or WiMAX, all of which could have some kind of built-in identity verification, and even infrared or Bluetooth, which however are anonymous and could require some added identity verification.
  • the predefined transaction server responds by sending 14 a transaction identity to the first transaction part, which transaction identity is unique during the whole transaction but is preferably reusable after finalization of the transaction, advantageously directly after finalization of the transaction, i.e. when the transaction receipt has been sent.
  • the predefined transaction server 12 then announces the transaction identifier to an intermediate transaction router 17.
  • This announcement may optionally comprise a link to the predefined transaction server, apart from the transaction identity relating to a transaction associated with the first transaction part.
  • the transaction identity in this case relates to a transaction which the first transaction part is in the process of engaging in.
  • Instead of the predefined transaction server 12 creating a transaction identifier, it could request the intermediate transaction router 17 to create a transaction identifier, which thereafter is sent to the first transaction part.
  • An advantage of having the intermediate transaction router create the transaction identifier is that two different transaction servers do not risk creating the same transaction identifier, which could be mixed up at the intermediate transaction router.
  • When the transaction servers create the transaction identifiers, they are preferably restricted to a defined interval, whereby the intermediate transaction router can make sure that two different transaction servers do not create the same transaction identity.
  • the first transaction part enters 3 the returned transaction identity at the merchant secure Internet site 11, i.e. the second transaction part 11.
  • the second transaction part 11 connects to a known transaction partner 16, such as a POS terminal, of a plurality of possible transaction partners, to activate itself on the predefined transaction server 12.
  • the second transaction part does not know how to communicate directly with the predefined transaction server, but only with the intermediate transaction router 17. Therefore a device 16 of the second transaction part connects to the intermediate transaction router 17 and sends it a verification request concerning the received transaction identifier, for verifying the first transaction part.
  • the request is here a request intended for the unknown predefined transaction server 12.
  • This verification request is then received by the intermediate transaction router 17, which identifies the predefined transaction server 12 based on the transaction identity indicated in the verification request. It then routes this request to the predefined transaction server 12. In fact, from this point forward it routes all communication regarding the transaction involving the transaction identity between the predefined transaction server 12 and the second transaction part, allowing the second transaction part to communicate with the predefined transaction server for verification of the use of the transaction identity.
  • the predefined transaction server 12 receives the verification request from the intermediate transaction router 17. It also receives information of the transaction connected to the transaction identity, preferably encrypted.
  • the intermediate transaction router 17 is utilized to connect the predefined transaction server 12 and the known transaction partner 16, such that the second transaction part 11 can activate itself thereon.
  • the second transaction part 11 activates itself on the predefined transaction server 12, which predefined transaction server 12 thereby puts the second transaction part 11 in an active transaction state on the predefined transaction server 12.
  • the second transaction part thereafter sends 4, 15 information of the transaction connected to the transaction identity to the predefined transaction server 12, preferably encrypted.
  • the activation and the following information of the transaction could also be performed in one action, such that the sending of information of the transaction to the predefined transaction server also puts the second transaction part in an active transaction state on the predefined transaction server.
  • Transaction information from the second transaction part that is sent with a transaction can vary, but typically includes the name of the second transaction part and the transaction amount, and possibly also the product name, at a purchase.
  • the name of the second transaction part could alternatively be extracted from the login of the second transaction part to the system instead of being sent together with the transaction, to ensure that such information is not distorted. This is usually performed via a landline, but could also be performed via wireless communication.
  • the second transaction part has previously registered an account at the predefined transaction server, in a way similarly performed for the first transaction part. Account information or similar information of the first transaction part is not necessary to give to the second transaction part and vice versa, since such information is known by the predefined transaction server, and such information should thus not be given to the second transaction part and vice versa.
  • the predefined transaction server 12 identifies the first transaction part by the unique transaction identity sent by the second transaction part and preferably requests 5, through an encoded/encrypted wireless communication, a verification by the first transaction part of the transaction information connected to the transaction identity.
  • the user transaction software requests 6 e.g. a PIN as verification of the transaction information, such as name of the second transaction part and transaction amount.
  • the verification is returned, through an encoded/encrypted wireless communication, to the predefined transaction server connected to the transaction identity.
  • After verification from the first transaction part, the predefined transaction server finalizes 7 the transaction connected to the unique transaction identity and sends a transaction receipt to both the first transaction part, through an encoded/encrypted wireless communication, and the second transaction part.
  • the transaction is only finalized provided that the accounts of both the first transaction part and the second transaction part accept the transaction.
  • the transaction has been described with a portable radio communication device as the first transaction part and a merchant as the second transaction part.
  • the merchant requests a unique transaction identity of the intermediate transaction router, in this case preferably through a land line.
  • the merchant requests a unique transaction identity of a transaction server of its own, which thereafter is announced on the intermediate transaction router.
  • the unique transaction identity is then communicated to the portable radio communication device from the merchant, which portable radio communication device activates itself on the predefined transaction server with the unique transaction identity it has received from the merchant.
  • the predefined transaction server thereafter announces this unique transaction identity on the intermediate transaction router, such that it can connect the portable radio communication device and the merchant thereon.
  • information of the transaction connected to the unique transaction identity is again sent from merchant to the predefined transaction server, which, by wireless communication, sends the information of the transaction connected to the unique transaction identity to the portable radio communication device.
  • the transaction connected to the unique transaction identity is still verified at the portable radio communication device by a user verification, which verification connected to the unique transaction identity is sent to the predefined transaction server.
  • the transaction connected to the unique transaction identity is thereafter finalized based on the information of the transaction and the unique transaction identity, and a transaction receipt of the finalized transaction is sent from the predefined transaction server to the first and second transaction parts.
  • both transaction parts have individually put themselves in an active transaction state on the predefined transaction server. Without both transaction parts in the active transaction state the transaction will not be finalized.
  • a similar method can be used for e.g. Internet bank login, or other kinds of secure login or secure authentication.
  • a predefined identity is utilized, known by the first transaction part, the predefined transaction server and the intermediate transaction router, such as a social security number, account number or similar.
  • the user of the first transaction part preferably enters this predefined identity at the second transaction part and thereby initiates the login at the second transaction part.
  • the first and second transaction parts are e.g. equipped with electronic communication means, providing the possibility for the first transaction part to enter the predefined identity at the second transaction part without the user needing to perform it manually.
  • the user of the first transaction part also selects a "secure login" section of the user transaction software to connect the portable radio communication device to the predefined transaction server and thereby puts the first transaction part in an active transaction state on the predefined transaction server.
  • the second transaction part connects to a known transaction partner, such as a POS terminal, to activate itself on the predefined transaction server.
  • An intermediate transaction router 17 is utilized to connect the predefined transaction server 12 and the known transaction partner 16, such that the second transaction part 11 can activate itself thereon.
  • After receiving the predefined identity at the second transaction part the second transaction part puts itself in an active transaction state on the predefined transaction server and requests a verification connected to the login of the predefined transaction server, based on the predefined identity.
  • the predefined transaction server checks that the portable radio communication device corresponding to the predefined identity is connected to the predefined transaction server, at least by checking that the first transaction part is in an active transaction state on the predefined transaction server.
  • the predefined transaction server preferably additionally requests a verification connected to the login from the first transaction part, or alternatively checks that the portable radio communication device of the first transaction part is on, which is performed without any active action by the user thereof.
  • the verification in the portable radio communication device is e.g. a PIN.
  • the predefined transaction server will, when both transaction parts are in the active state, or after verification when used, send a verification to the second transaction part confirming that the portable radio communication device has been verified, which will allow login of the first transaction part into the second transaction part. In this case no PIN or other password has been transferred via the Internet connection. Further, the PIN has not been transferred between the predefined transaction server and the second transaction part. The second transaction part only receives a confirmation that the identification is verified. Transactions at the second transaction part can hereafter be performed as previously described.
  • the intermediate transaction router 17 has been described as connecting the predefined transaction server 12 and the known transaction partner 16, and it can also connect a plurality of predefined transaction servers 12 and a plurality of known transaction partners 16. Further, there can also exist a plurality of intermediate transaction routers, typically an intermediate transaction router per country.
  • Examples of different transactions are e.g. point of sales (POS) transaction, person to person (P2P) transfer, micro payments, person to machine (vending machine) transaction, secure identification, electronic identification, secure authentication, etc.
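
The following added example, which is not part of the patent text, models the transaction-identity flow described above in memory: the router resolves a transaction identity to the issuing server, finalization requires both parts to be active plus the first part's verification, and the identity is released for reuse afterwards. All class, method and party names are hypothetical, the sample values are constructed, and network transport and encryption are left out.

```python
# Added illustration, not code from the patent: an in-memory model of the
# transaction-identity flow. All class, method and party names are hypothetical.

class Router:
    """Intermediate transaction router: resolves an identity to its server."""
    def __init__(self):
        self.intervals = {}  # server name -> range of identities it may issue
        self.routes = {}     # identity currently in use -> issuing server

    def register(self, server, id_range):
        for other in self.intervals.values():
            if max(id_range.start, other.start) < min(id_range.stop, other.stop):
                raise ValueError("identity intervals overlap")
        self.intervals[server.name] = id_range

    def announce(self, tid, server):
        if tid not in self.intervals[server.name] or tid in self.routes:
            raise ValueError("identity outside interval or already in use")
        self.routes[tid] = server

    def forward_info(self, tid, payee, info):
        server = self.routes.get(tid)
        if server is None:
            raise LookupError("unknown transaction identity")
        return server.receive_info(tid, payee, info)


class TransactionServer:
    def __init__(self, name, id_range, router):
        self.name, self.router = name, router
        router.register(self, id_range)
        self.free_ids = list(id_range)  # pool size caps parallel transactions
        self.active = set()             # parts in the active transaction state
        self.pending = {}               # identity -> transaction record

    def activate(self, part):
        self.active.add(part)

    def request_identity(self, payer):
        if payer not in self.active:
            raise PermissionError("first part is not in the active state")
        tid = self.free_ids.pop(0)
        self.pending[tid] = {"payer": payer, "payee": None, "info": None, "verified": False}
        self.router.announce(tid, self)
        return tid

    def receive_info(self, tid, payee, info):
        txn = self.pending[tid]
        self.activate(payee)  # sending the info also activates the second part
        txn["payee"], txn["info"] = payee, info
        return {"to": txn["payer"], "confirm": info}  # shown on the phone

    def receive_verification(self, tid, payer, confirmed):
        txn = self.pending[tid]
        if payer != txn["payer"]:
            raise PermissionError("verification from the wrong part")
        txn["verified"] = bool(confirmed)

    def finalize(self, tid):
        txn = self.pending[tid]
        if not (txn["verified"] and {txn["payer"], txn["payee"]} <= self.active):
            return None  # missing verification or a part is not active
        del self.pending[tid]
        del self.router.routes[tid]
        self.free_ids.append(tid)  # identity is reusable after finalization
        return {"tid": tid, "payer": txn["payer"], "payee": txn["payee"], **txn["info"]}


def run_demo():
    router = Router()
    bank = TransactionServer("server-12", range(100, 103), router)
    bank.activate("phone-10")
    tid = bank.request_identity("phone-10")
    shown = router.forward_info(tid, "merchant-11", {"payee_name": "Shop", "amount": 25})
    early = bank.finalize(tid)  # refused: the user has not verified yet
    # The user reviews shown["confirm"] and enters the PIN in the phone;
    # the merchant only ever handles the transaction identity.
    bank.receive_verification(tid, "phone-10", confirmed=True)
    receipt = bank.finalize(tid)
    try:
        router.forward_info(tid, "merchant-11", {"amount": 999})
        replay = "routed"
    except LookupError:
        replay = "rejected"  # the released identity no longer routes anywhere
    return tid, early, receipt, replay, bank.free_ids


if __name__ == "__main__":
    print(run_demo())
```

Because identities are short and reused, the model refuses any message for an identity that is not currently announced, and it rejects a second server whose interval overlaps an existing one.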

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention relates to a method for performing a secure transaction by means of a portable radio communication device (10). In this method, both parties involved in the secure transaction are protected against fraudulent actions, among other things through the use of a common transaction identity on a predefined transaction server.
PCT/SE2010/050614 2009-06-04 2010-06-04 Method for performing secure transactions WO2010140970A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP10783667.8A EP2438560A4 (fr) 2009-06-04 2010-06-04 Method for performing secure transactions
CN2010800244720A CN102460491A (zh) 2009-06-04 2010-06-04 Method for secure transactions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0950411A SE533422C2 (sv) 2009-06-04 2009-06-04 Method for secure transactions
SE0950411-9 2009-06-04

Publications (1)

Publication Number Publication Date
WO2010140970A1 true WO2010140970A1 (fr) 2010-12-09

Family

ID=43243857

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2010/050614 WO2010140970A1 (fr) 2009-06-04 2010-06-04 Method for performing secure transactions

Country Status (4)

Country Link
EP (1) EP2438560A4 (fr)
CN (1) CN102460491A (fr)
SE (1) SE533422C2 (fr)
WO (1) WO2010140970A1 (fr)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201105765D0 (en) 2011-04-05 2011-05-18 Visa Europe Ltd Payment system
CN105830107A (zh) 2013-12-19 2016-08-03 Visa International Service Association Cloud-based transaction methods and systems
US9922322B2 (en) 2013-12-19 2018-03-20 Visa International Service Association Cloud-based transactions with magnetic secure transmission
EP3146747B1 (fr) 2014-05-21 2020-07-01 Visa International Service Association Offline authentication
US9775029B2 (en) 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US20160148202A1 (en) * 2014-11-26 2016-05-26 Mastercard Asia Pacific Pte. Ltd. Methods and Systems for Processing Transactions, Based on Transaction Credentials
BR112018076196A2 (pt) 2016-07-11 2019-03-26 Visa International Service Association Method, and portable communication and access devices

Citations (6)

Publication number Priority date Publication date Assignee Title
WO2001063375A2 (fr) * 2000-02-27 2001-08-30 Adamtech Ltd. Mobile transaction system and method
US6889325B1 (en) * 1999-04-28 2005-05-03 Unicate Bv Transaction method and system for data networks, like internet
US20050187873A1 (en) * 2002-08-08 2005-08-25 Fujitsu Limited Wireless wallet
EP1772832A1 (fr) * 2004-07-30 2007-04-11 José Ignacio Bas Bayod Method for performing secure payment transactions by means of mobile telephones
WO2009012731A1 (fr) * 2007-07-26 2009-01-29 Direct Pay, S.R.O. Method for performing a payment transaction using a mobile terminal
WO2010032216A1 (fr) * 2008-09-19 2010-03-25 Logomotion, S.R.O. Electronic payment application system and payment authorization method

Family Cites Families (4)

Publication number Priority date Publication date Assignee Title
CN1922623A (zh) * 2004-02-17 2007-02-28 Fujitsu Limited Wireless wallet
US20050227218A1 (en) 2004-03-06 2005-10-13 Dinesh Mehta Learning system based on metadata framework and indexed, distributed and fragmented content
US7577616B2 (en) * 2005-12-07 2009-08-18 Xi Zhu Method and apparatus of secure authentication and electronic payment through mobile communication tool
US20070255662A1 (en) * 2006-03-30 2007-11-01 Obopay Inc. Authenticating Wireless Person-to-Person Money Transfers

Non-Patent Citations (1)

Title
See also references of EP2438560A1 *

Also Published As

Publication number Publication date
CN102460491A (zh) 2012-05-16
EP2438560A4 (fr) 2014-04-30
EP2438560A1 (fr) 2012-04-11
SE0950411A1 (sv) 2010-09-21
SE533422C2 (sv) 2010-09-21

Similar Documents

Publication Publication Date Title
US11151543B2 (en) Methods for secure transactions
EP2438560A1 (fr) Method for performing secure transactions
US20120072309A1 (en) method for secure transactions
US20120078752A1 (en) Transaction identified handling system
WO2010140972A1 (fr) Method for performing secure transactions
US20120078800A1 (en) Method for secure transactions

Legal Events

Date Code Title Description
WWE WIPO information: entry into national phase (Ref document number: 201080024472.0; Country of ref document: CN)
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 10783667; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
WWE WIPO information: entry into national phase (Ref document number: 2010783667; Country of ref document: EP)
WWE WIPO information: entry into national phase (Ref document number: 9910/CHENP/2011; Country of ref document: IN)