WO2014048457A1 - Method of authorizing mobile payments - Google Patents


Publication number
WO2014048457A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
mobile radio
radio equipment
transaction
service provider
Application number
PCT/EP2012/068919
Inventor
Mattia FOGLIACCO
Original Assignee
Iiinnovation S.A.
Application filed by Iiinnovation S.A.
Priority to PCT/EP2012/068919
Publication of WO2014048457A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation

Definitions

  • the credit card is put into a card reader that is capable of accessing the data stored on the credit card.
  • This object is solved according to the invention by a method of authorizing mobile payments according to claim 1 and a system for authorizing mobile payments according to claim 15.
  • a method of authorizing mobile payments by means of a mobile radio equipment is provided.
  • a point of sales unit is provided with a first message including payment credentials by the mobile radio equipment.
  • a transaction identification code is generated by the point of sales unit or by the mobile radio equipment, and the transaction identification code is forwarded, included in a second message, to a service provider unit.
  • a fourth message is sent as an authorization indication from the service provider unit to the mobile radio equipment via an authentication network.
  • a payment is authorized based on the transaction identification code by sending an authorization message from the mobile radio equipment to a service provider unit.
  • a payment to the point of sales is allowed if the service provider has received an authorizing message.
  • a payment is authorized based on the transaction identification code by sending an authorization or a denial message from the mobile radio equipment to a service provider unit.
  • a transaction authorization code and a transaction denial code are sent from the service provider unit to the mobile radio equipment via the authentication network, based on which the mobile radio equipment respectively sends the authorization or denial message to the service provider unit.
  • the invention also relates to a system for authorizing mobile payments, comprising at least one mobile radio equipment, a point of sales unit, and a service provider unit.
  • the point of sales unit is adapted to receive a first message including payment credentials by the mobile radio equipment, to generate a transaction identification code, and to forward the transaction identification code included in a second message to a service provider unit.
  • Said service provider unit is adapted to send a fourth message as an authorization indication to the mobile radio equipment via an authentication network.
  • the mobile radio equipment is adapted to authorize a payment based on the transaction identification code by sending an authorization message from the mobile radio equipment to a service provider unit.
  • the service provider unit is adapted to allow a payment to the point of sale unit if it has received an authorizing message.
  • the present invention deals with these last aspects, regardless of the way the security issues are dealt with.
  • Fig. 2 shows the main steps of an exemplary implementation of the method according to a first embodiment of the present invention.
  • Fig. 3A shows a block diagram of the environment of the present invention according to a first embodiment
  • Fig. 1 shows an exemplary environment in which the present invention can be used. Accordingly, Fig. 1 shows an authentication network 101, a mobile radio equipment 103 like a smart phone, a Point of Sale 112, and a service provider unit 114.
  • the mobile radio equipment 103 comprises a long range communication module 104 for cellular communication (e.g., GSM, CDMA, UMTS, LTE) and a subscriber identity module 106, which are typical of the cellular environment.
  • the mobile radio equipment 103 further comprises an accounts data module 108 and a short range communication module 110 to implement a contactless credit card.
  • the accounts data module 108 shown in Fig. 1 can in practice be part of said secure element.
  • the accounts data module 108 can reside on the UICC, where the subscriber identity module 106 resides, can be implemented on an SD Memory card, or can be embedded in the mobile radio equipment.
  • it does not matter where the accounts data module 108 resides, as the present invention only requires that some data relevant to the account to charge can be accessed. To access those data, some interfaces, protocols, and applications, that are dependent on the chosen alternative architecture, are needed, but their design and development is common practice for those skilled in the art. These are not shown in Fig. 1 for the sake of simplicity.
  • the accounts data module 108 can comprise interfaces and applications allowing data to be exchanged with the short range communication module 110.
  • the accounts data module 108 can optionally also be connected to the long range communication module 104.
  • the long range communication module 104 is connected to the authentication network 101, through a wireless connection 102, in particular a cellular connection, and to the subscriber identity module 106, through wired connection 105.
  • the long range communication module 104 can be connected to the short range communication module 110 through wired connection 107, to allow data transfer from the long range connection 102 to the short range connection 111.
  • the long range communication module 104 includes the applications needed to process the messages, in particular the requests for payment authorizations, coming from the service provider 114.
  • All the four modules shown inside the mobile radio equipment 103 can have connections to the human interface of the mobile radio equipment 103 for inputting data and commands.
  • the short range communication module 110 can provide connections outside the mobile radio equipment 103, and, in particular, it is coupled to the Point of Sale 112 through wireless or wired connection 111.
  • the Point of Sale 112 communicates, through wired or wireless connection 113, with the service provider 114, which is also connected to the authentication network 101, through wired or wireless connection 115.
  • the Point of Sale 112 includes a terminal or module 112a for communicating with the short range communication module 110 via the short range connection 111 and a terminal or module 112b for communicating with the service provider 114 via the connection 113.
  • the subscriber identity module 106 in the mobile radio equipment 103 comprises the customer credentials to access the authentication network 101. By means of those credentials the customer is authenticated by the authentication network 101. With that authentication, the mobile radio equipment 103 is allowed to access the authentication network 101 and to setup data connections with it via the wireless connection 102.
  • the accounts data module 108 is apt to be supplied with the data of at least one financial account (credit card accounts, debit card accounts, ...) that is managed by the service provider 114.
  • the subscriber holding the mobile radio equipment 103 normally is also the accountholder of that account and can authorize to charge that account for payments.
  • the service provider 114 has at least a communication address (phone number, email address, IP address, ...) associated with the accountholder, to be able to send messages and data to the mobile radio equipment 103.
  • This communication address may be stored in the service provider unit 114 or in an external server
  • Fig. 2 shows the main phases of an exemplary implementation of the method according to a first embodiment of the present invention
  • the main phases of the payment method according to the present invention are as follows.
  • Phase A The mobile radio equipment 103 provides the Point of Sale 112 with the payment credentials (e.g. credit card number, account to charge).
  • Phase B The Point of Sale 112 requests the payment transaction from the service provider 114.
  • Phase C The service provider 114, through the path C1 and C2 traversing the authentication network 101, sends a transaction authorization request to the accountholder (that is, to the accountholder's mobile radio equipment 103).
  • Phase D The accountholder authorizes or denies the payment transaction and the mobile radio equipment 103 forwards his decision to the Point of Sale 112.
  • Phase E The Point of Sale 112 forwards the accountholder's decision to the service provider 114, and, accordingly, the service provider 114 carries out or declines the payment transaction.
  • the above phases, as depicted in Fig. 2, are arranged in a counter-clockwise loop, where over the connection between the authentication network 101 and the mobile radio equipment 103 the data transmission takes place in the downlink only. This ensures a high security level and does not require the accountholder to place any phone call, nor to send any kind of message over cellular networks, and not to bear any transmission cost.
  • Fig. 3A shows a block diagram of the environment as depicted in Fig. 1 or Fig. 2.
  • messages M1 - M4 and the authorization message or messages AM which are sent between the units of Fig. 1 and Fig. 2 are clearly depicted in Fig. 3A.
  • Step S1 The customer (accountholder) and the merchant agree on the amount of money to transfer and on the relevant statement to produce (receipt, invoice).
  • Step S2 The merchant inputs the appropriate data on the Point of Sale terminals (possibly through a cash register).
  • Step S3 On the mobile radio equipment 103, if needed the accountholder selects the account to charge and activates the short range communication module 104 and the long range connection 102 to the authentication network 101 (the activation of connection 102 in general is not required, as it is usually always on).
  • Step S4 From the accounts data module 108, through connection 109 and by the short range communication module 110 through connection 111, a first message (customer account message) M1 is sent to the Point of Sale 112 containing the data of the customer account to charge (e.g. credit card number).
  • Step S5 The Point of Sale 112 sends to the service provider 114 via connection 113 a second message (payment information) M2 with the relevant payment request, including a transaction identification code.
  • Step S6 By means of the short range communication system, the Point of Sale 112 optionally sends to the mobile radio equipment 103 a third message M3 containing at least said transaction identification code; optionally said third message M3 includes transaction details to be displayed by the mobile radio equipment 103 for customer information.
  • Step S7 The service provider 114 checks if said payment request by the Point of Sale 112 can be charged on the indicated account and if the transaction is not acceptable, the service provider 114 may send to the Point of Sale 112 an information message notifying that the transaction is denied.
  • the service provider 114 sends to the mobile radio equipment 103 an information message as well, to inform the customer that a transaction request has been denied; in this case the payment procedure ends here. If the transaction is acceptable to the service provider 114, the service provider 114, through connection 115, the authentication network 101, and connection 102, sends to the mobile radio equipment 103 a fourth message (payment authorization message) M4 requesting the payment authorization and optionally containing said transaction identification code, a transaction authorization code, and/or optionally a transaction denial code.
  • said fourth message includes transaction details to be displayed by the mobile radio equipment 103 for customer information.
  • Both said transaction authorization code and said transaction denial code are created by the service provider 114 in a format that allows the service provider 114 to identify the relevant financial transaction.
  • Step S9 The accountholder, through the human interface of the mobile radio equipment 103, authorizes or denies the transaction. Optionally this can be performed automatically without any user input.
  • Step S10 The mobile radio equipment 103, by the short range communication module 110, sends to the Point of Sale 112 an authorization message AM containing at least said transaction authorization code or said transaction denial code, according to the customer input.
  • Step S11 The Point of Sale 112 forwards to the service provider 114 the authorization message AM containing at least said transaction authorization code or said transaction denial code, according to the content of said authorization message AM received by the mobile radio equipment 103.
  • the authorization message AM can be forwarded to the service provider 114 as it is received from the mobile radio equipment 103 or can be restructured by the Point of Sale 112.
  • Step S12 If said authorization message AM contains said transaction denial code, the service provider 114 can send to the Point of Sale 112 and to the mobile radio equipment 103 an information message notifying that the transaction has not been authorized by the accountholder, and the payment procedure ends.
  • Step S13 If said authorization message AM contains said transaction authorization code, the service provider 114 carries out the transaction and sends to the Point of Sale 112, and optionally to the mobile radio equipment 103, an information message notifying that the transaction has been successfully completed.
  • the Point of Sale 112 optionally prints out the due transaction statement, and the procedure ends.
  • Step S14 If the service provider 114 does not receive a valid answer to an authorization request before a timeout T1 expires, the procedure resumes at step S7, where the service provider 114 reiterates the authorization request; after a number Nr of such reiterations without receiving a valid answer, the service provider 114 sends to the Point of Sale 112, and optionally to the mobile radio equipment 103, an information message notifying that the payment transaction has aborted because of missing authorization, and the payment procedure ends. Since the fourth message M4 traverses the authentication network 101, it is implied that the subscriber identity contained in the subscriber identity module 106 is authenticated by the authentication network 101. Therefore, the transaction authorization code forwarded by the Point of Sale 112 to the service provider 114 can be considered trustworthy, that is, it can be considered as actually coming from the legitimate accountholder of the account to charge.
  • the authentication network 101 can be a modern cellular network of the third or higher generation and the mobile radio equipment 103 can be a "smart cellular phone", which has been provided with an accounts data module 108 and a short range communication module 110 e.g. of the NFC (Near Field Communication) technology.
  • Fig. 3B shows a block diagram of an environment of the invention according to a second embodiment.
  • the messages M1 - M4 and the authorization message or messages AM are depicted in detail.
  • the mobile radio equipment 103 sends back the accountholder's response directly to the service provider via the authentication network 101 by an authorization message AM.
  • the customer buying goods or services at the Point of Sale 112 may be someone else other than the accountholder, and the accountholder with its mobile radio equipment may be far from the Point of Sale 112, provided that the buyer at the Point of Sale 112 has means to give to the Point of Sale 112 the details of the account to charge.
  • the mobile radio equipment 103 is within the range of the short range communication module 110, all the data, including the transaction authorization code, can be sent to the mobile radio equipment 103 through the short range communication module 110.
  • the data sent by the service provider 114 can be transmitted, in fact, through the connection 113, the Point of Sale 112, and the connection 111.
  • information data are transmitted in the uplink only, but the authentication feature of the authentication network 101 is exploited as well, as those skilled in the art can understand.
  • the transaction authorization code and the transaction denial code can be checked at the Point of Sale 112, assuming that in this case all the necessary data for this check are available at the Point of Sale 112, as said below.
  • the Point of Sale 112 can detect if the customer has authorized or denied the payment transaction and deliver or not deliver the goods or the services. Then the Point of Sale 112 forwards to the service provider 114 the transaction authorization code or the transaction denial code received with said authorization message AM to allow the service provider 114 to do the check as well. In this case the time to deliver goods or services is shorter,
  • the third embodiment implies that the service provider 114, while sending the transaction authorization code and the transaction denial code, accompanied by the relevant transaction identification code, to the mobile radio equipment 103, through the authentication network 101 (Step S7, fourth message, of the payment procedure), sends the same data to the Point of Sale 112, through connection 113.
  • the method of the present invention offers a high degree of security.
  • the buyer is not required to place any phone call, nor to send any kind of message over cellular networks, and not to bear any transmission cost. Furthermore, in an embodiment, the buyer does not perform any other interaction other than moving the mobile radio equipment in front of the point of sale.
  • the mobile radio equipment 103 can have WiFi, Bluetooth, Infrared, ultrasound systems or other short range communications means. Relying the confirmation of the cardholder identity on the authentication mechanism of a cellular network, as said above, makes the customer operation very simple. For instance, the customer can authorize or deny the transaction by simply pressing a key or waving the phone in front of the Point of Sale terminal.
  • An additional security measure can be introduced by sending the response to the authorization request directly to the service provider 114, in addition to said authorization message AM conveyed by the Point of Sale 112.
  • the mobile radio equipment 103 by the short range communication module 110, sends to the Point of Sale 112 an authorization message AM containing at least said transaction authorization code or said transaction denial code and, at the same time, the mobile radio equipment 103 sends also a message containing at least said transaction authorization code or said transaction denial code to the service provider 114, through connection 102, authentication network 101, and connection 115.
  • Unattended Point of Sales: a gas meter of a house that can be rented for short periods of time.
  • steps S1 and S2 of the above payment procedure are predetermined by the Utility Companies.
  • the lessee selects on his phone the Utility Company he wants to contact and the account he wants to charge, and waves his phone in front of the meter.
  • the procedure goes on as in the case of attended Point of Sales, and, in the case of payment authorization, at the end of the procedure the Utility Company turns on the gas supply.
  • the service provider checks if the request is coming from the same user who is paying the bill of the current supply and in the negative case rejects the request, while in the positive case it sends to the customer an authorization request to stop the gas supply. In case of denial by the customer the gas supply is left on, while in case of authorization by the customer the Utility Company turns off the gas supply.
  • the transaction identification code can be generated by the service provider rather than the Point of Sale, without the need to transmit it included in said second message.
  • the mobile radio equipment 103 is forwarding the response to the service provider 114 over the authentication network 101.
  • a service provider device comprising: a third communications system apt to transmit and receive data through at least a fixed line or a wireless line 113, a fourth communications system apt to setup a connection 115 with an Authentication Network 101.
  • a second message including a transaction identification code and a financial transaction request is received.
  • a fourth message is sent as an authorization indication to a mobile radio equipment 103 via said Authentication Network 101.
  • An authorization message (AM) is received from said mobile radio equipment 103.
  • a payment is allowed to the point of sales 112 if a final authorizing message FA is received from the service provider unit.
  • a transaction authorization code and a transaction denial code are generated.
  • Said transaction authorization code and said transaction denial code are sent to said mobile radio equipment 103 via said Authentication Network 101.
  • Said transaction authorization code or said transaction denial code is received.
  • the authenticity of said received transaction authorization code or said received transaction denial code is checked.
  • a payment to the point of sales 112 is allowed if said transaction authorization code is received.
  • said authorization message AM from said mobile radio equipment 103 is received through said third communications system over said fixed line or wireless line 113, or is received through said fourth communications system over said connection 115 with said Authentication Network 101, or is received through both said third communications system and said fourth communications system.
  • said authorization message AM is received through both said third communications system and said fourth communications system. Said payment to the point of sales 112 is allowed only if both the message received through said third communications system and the messages received through said fourth communications system are authorizing messages.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This invention discloses a method and system for mobile payment, with the buyer authentication and payment authorization performed through a mobile radio equipment (typically a cellular handset). The mobile radio equipment of the buyer has stored inside the data of an account to charge and is equipped with a short range wireless communications system (typically based on Near Field Communication (NFC) technology). Through this communication system the involved Point of Sale gets the data of the account to charge and sends a payment request, with a transaction identification code, to the service provider that manages that account. The service provider, through an authentication network (typically a cellular network that authenticates its cellular subscribers), sends a payment authorization request to the mobile radio equipment of the buyer. The buyer loops back his authorization to the service provider through the Point of Sale.

Description

Method of authorizing mobile payments
The present invention relates to a method of authorizing mobile payments allowing people to pay for goods and services by communicating the data of the accounts to charge and sending authorizations for money transactions through mobile radio devices.
Background
Mobile payment is one of the most important subjects in the field of payment innovations and mobile services. The architectures and technology solutions proposed for it are many, not only because the relevant players and stakeholders have different interests, but also because there are many cases, with different requirements, where mobile payments can be used. In cases of payments of small amounts of money (e.g., tickets on-board buses and trains, parking fares, etc.), the availability of an easy to use mobile payment system has to be widespread and work even when the communications lines are not available, while the real time check of the customer identity is not essential (offline, deferred checks could be sufficient). On the other hand, there are transactions of significant amounts of money that should be completed only if the identity of the purchaser is first reliably confirmed, as unauthorized access to bank accounts can create high losses and damages. Also in the latter cases, however, there are requirements for easy to use and quick to function systems.
At a merchant location, on the purchase of a product or service to pay by a conventional credit card, the credit card is put into a card reader that is capable of accessing the data stored on the credit card.
In the case of contactless credit cards (smart cards that can be simply waved in front of compatible Point of Sale terminals), the data stored in the credit card are accessed through transmission means and are protected by a security system with tamper-resistant properties (e.g., secure ciphering process, secure file system), although a contactless credit card never transmits the card number on air. In fact, for each transaction, the communications chip within the card creates a unique number that would be useless even if it was decrypted. In many cases, for transactions under a given limit, e.g. under $25, no cardholder signature is required.
Some solutions to confirm the cardholder identity and to allow the cardholder to authorize transactions, but with some limitations and drawbacks, are known. WO 2011/112158 A1 describes a system for provision of computer-supported transactions with the use of mobile phones, in which the transfer of the transaction data between the user's mobile phone and the transaction processing centre is done using secure connections of cellular networks, while between the user mobile phone and the Point of Sale terminal the data are transferred using a short-range communication technology (sound-modulated waves, infrared systems, Bluetooth, NFC systems) or WLAN (Wireless Local Area Network). In the system described by WO 2011/112158 A1 the transfer of transaction data between the transaction processing centre and the Point of sale terminal is entirely done through the customer's mobile phone or partly through the customer's mobile phone, therefore the reliability of the process is low and necessarily the buyer has to enter a secret PIN (Personal Identification Number) number. Moreover a bi-directional data connection has to be established through the cellular network, which can suffer any delay and network congestion, thus involving possible long times to carry out the payment transactions.
WO 2011/109508 A2 describes instead a payment transaction method by which a mobile device is used to receive an identifier associated with a piece of merchandise or a service on sale and, upon receipt of the identifier, the mobile device automatically communicates with a remote payment server computer to initiate a payment transaction. Instead of identifying a piece of merchandise or a service, the identifier can identify a merchant or, in general, a recipient of a due payment. With this method the confirmation of the buyer identity has a low security level. The buyer has to activate a bi-directional data connection to a remote server via a cellular network and the time to complete a payment transaction can be long. It seems that the method described by WO 2011/109508 A2 could be acceptable "in the case of small, mobile, and seasonal merchants (e.g., food trucks and flea market vendors)", but not in the general case of Point of Sales equipped with modern communications terminals.
For Point of Sales equipped with modern communication terminals there is a need for systems and methods that allow payment transactions of significant amounts of money to be carried out in short times and with a high level of security, with regard to both the confirmation of the customer identity and the payment authorization.
Summary of the Invention
This object is solved according to the invention by a method of authorizing mobile payments according to claim 1 and a system for authorizing mobile payments according to claim 15.
Therefore, a method of authorizing mobile payments by means of a mobile radio equipment is provided. A point of sales unit is provided with a first message including payment credentials by the mobile radio equipment. A transaction identification code is generated by the point of sales unit or by the mobile radio equipment and is forwarded, included in a second message, to a service provider unit. A fourth message is sent as an authorization indication from the service provider unit to the mobile radio equipment via an authentication network. A payment is authorized based on the transaction identification code by sending an authorization message from the mobile radio equipment to a service provider unit. A payment to the point of sales is allowed if the service provider has received an authorizing message.
According to an aspect of the invention a payment is authorized based on the transaction identification code by sending the authorization message from the mobile radio equipment to a service provider unit via the point of sales unit or via the authentication network.
According to an aspect of the invention a payment is authorized based on the transaction identification code by sending an authorization or a denial message from the mobile radio equipment to a service provider unit. According to an aspect of the invention a transaction authorization code and a transaction denial code are sent from the service provider unit to the mobile radio equipment via the authentication network, based on which the mobile radio equipment respectively sends the authorization or denial message to the service provider unit.
According to an aspect of the invention the authentication network and/or the connection is based on a cellular network like a GSM, CDMA, UMTS, LTE network. According to an aspect of the invention the communication connection is a short range communication connection.
According to an aspect of the invention, if a short range connection is not available, the mobile radio equipment forwards the response to the service provider over the authentication network.
The invention also relates to a mobile radio equipment comprising memory means storing at least payment credentials of at least one financial account, a first long range wireless communication module for receiving messages from a wireless communications network and for receiving a fourth message including a transaction authorization indication, and a second short range wireless communication module for transmitting and receiving data, for transmitting a first message including said payment credentials and for sending an authorization message through said second wireless communications system.
According to an aspect of the invention the mobile radio equipment comprises a human interface allowing at least a presentation of two alternatives and a choice between them. Said authorization message includes a transaction authorization code and a transaction denial code based on an input through said human interface and on said transaction authorization code or said transaction denial code, respectively.
The invention also relates to a point of sale device comprising a short range wireless communication module for transmitting and receiving data, for receiving a first message including payment credentials through said short range wireless communication module, and for receiving an authorization message including a transaction authorization indication, and a communication module for transmitting and receiving data through at least a fixed line or a wireless line, for transmitting a second message including said transaction identification code and a financial transaction request and for receiving notification of payment transaction completed or payment transaction denied.
The invention also relates to a system for authorizing mobile payments, comprising at least one mobile radio equipment, a point of sales unit, and a service provider unit. The point of sales unit is adapted to receive a first message including payment credentials by the mobile radio equipment, to generate a transaction identification code and to forward the transaction identification code included in a second message to a service provider unit. Said service provider unit is adapted to send a fourth message as an authorization indication to the mobile radio equipment via an authentication network. The mobile radio equipment is adapted to authorize a payment based on the transaction identification code by sending an authorization message from the mobile radio equipment to a service provider unit. The service provider unit is adapted to allow a payment to the point of sale unit if it has received an authorizing message.
The present invention relates to a method and a system allowing a customer to pay for goods and services by authorizing, through a mobile radio equipment, a service provider to charge a financial account. The mobile radio equipment stores data of at least one chargeable account and includes the features of contactless financial accounts e.g. credit cards. The Point of Sale that has to get the payment can acquire the data of the account to charge through the wireless transmission system of the relevant contactless financial account technology. Then the Point of Sale sends a payment request to the service provider that manages the account to charge.
Through an authentication network, the service provider sends a payment authorization request to the mobile radio equipment of the person entitled to authorize the financial transaction (for the sake of brevity, in what follows this person is called accountholder). The accountholder authorizes or denies the payment transaction by forwarding the appropriate response to the Point of Sale, and the Point of Sale passes that response to the service provider. In a second embodiment of the invention the accountholder sends back that response directly to the Service provider through said authentication network. In any case, the authorization request, and the carried response (e.g. code), comes back to the service provider after having traversed an authentication network. On its arrival at the service provider, the service provider carries out or rejects the payment transaction, according to the accountholder's response. In the preferred embodiment of the invention, the accountholder authentication is guaranteed by the authentication mechanisms of the authentication network. A higher security level of the accountholder authentication can be achieved by asking the accountholder to enter, with his response, a PIN code that is forwarded to the service provider together with the response to said authorization request. A number of technologies can be used for implementing contactless financial accounts: RF (Radiofrequency), NFC (Near Field Communication), WiFi, Bluetooth, Infrared, sound and ultrasound systems. For the sake of simplicity, in what follows reference is mostly made to the NFC technology as short range communication means, but this is not to be considered a limitation in the applicability of the present invention, as it would be clear that any kind of short range transmission technique can be used. In fact what matters for the present invention is the capability to exchange data with a compatible Point of Sale terminal.
In addition to a short range communication module, financial accounts e.g. contactless credit cards may need a so called "secure element". The secure element is an environment in which application codes and application data can be securely stored and administered, and in which secure execution of applications occurs.
A number of alternatives exist to manage account information (e.g. the credit card number), consumer credentials, and payment application, and many ways can be used to deliver, to load, and to store them in the mobile device, but in any case there is the need to get confirmation of the identity of the person who is carrying the mobile device at the moment of paying a good or a service, and the need that the cardholder authorizes the service provider to execute the relevant payment transaction. The present invention deals with these last aspects, regardless of the way the security issues are dealt with.
Embodiments and advantages of the invention will now be described in more detail with reference to the drawings.
Brief Description of the Drawings
Fig. 1 shows an exemplary environment in which the present invention can be used.
Fig. 2 shows the main steps of an exemplary implementation of the method according to a first embodiment of the present invention.
Fig. 3A shows a block diagram of the environment of the present invention according to a first embodiment, and
Fig. 3B shows a block diagram of an environment of the invention according to a second embodiment.
Detailed Description of the Invention
Fig. 1 shows an exemplary environment in which the present invention can be used. Accordingly, Fig. 1 shows an authentication network 101, a mobile radio equipment 103 like a smart phone, a Point of Sale 112, and a service provider unit 114. The mobile radio equipment 103 comprises a long range communication module 104 for cellular communication (e.g., GSM, CDMA, UMTS, LTE) and a subscriber identity module 106, which are typical of the cellular environment. The mobile radio equipment 103 further comprises an accounts data module 108 and a short range communication module 110 to implement a contactless credit card.
From the technical point of view, there are at least two alternative architectures to combine a mobile phone with a contactless credit card and the relevant secure element, containing application codes and data. In fact, as explained in the paper "Security of Proximity mobile Payments, A Smart Card Alliance Contactless and mobile Payments Council White Paper, May 2009, Publication Number: CPMC-09001", it is possible: to have the secure element on the UICC (Universal Integrated Circuit Card), together with the SIM (subscriber identity module) of the mobile phone, or to have the secure element outside the UICC, either embedded in the mobile phone or stored in a removable SD (Secure Digital) Memory Card. The method and the system of the present invention applies to both said architectures, as it is only required to access some of the account data stored in the secure element.
The accounts data module 108 shown in Fig. 1 can in practice be part of said secure element. As such, the accounts data module 108 can reside on the UICC, where the subscriber identity module 106 resides, can be implemented on an SD Memory card, or can be embedded in the mobile radio equipment. For what the present invention is concerned, it does not matter where the accounts data module 108 resides, as the present invention only requires that some data relevant to the account to charge can be accessed. To access those data, some interfaces, protocols, and applications, that are dependent on the chosen alternative architecture, are needed, but their design and development is common practice for those skilled in the art. These are not shown in Fig. 1 for the sake of simplicity. The accounts data module 108 can comprise interfaces and applications allowing data to be exchanged with the short range communication module 110. For the management of data and applications, the accounts data module 108 can optionally also be connected to the long range communication module 104.
The long range communication module 104 is connected to the authentication network 101, through a wireless connection 102, in particular a cellular connection, and to the subscriber identity module 106, through wired connection 105. Moreover, the long range communication module 104 can be connected to the short range communication module 110 through wired connection 107, to allow data transfer from the long range connection 102 to the short range connection 111. The long range communication module 104 includes the applications needed to process the messages, in particular the requests for payment authorizations, coming from the service provider 114.
All the four modules shown inside the mobile radio equipment 103 can have connections to the human interface of the mobile radio equipment 103 for inputting data and commands.
The short range communication module 110 can provide connections outside the mobile radio equipment 103, and, in particular, it is coupled to the Point of Sale 112 through wireless or wired connection 111. The Point of Sale 112 communicates, through wired or wireless connection 113, with the service provider 114, which is also connected to the authentication network 101, through wired or wireless connection 115.
To carry out said communications, the Point of Sale 112 includes a terminal or module 112a for communicating with the short range communication module 110 via the short range connection 111 and a terminal or module 112b for communicating with the service provider 114 via the connection 113.
The subscriber identity module 106 in the mobile radio equipment 103 comprises the customer credentials to access the authentication network 101. By means of those credentials the customer is authenticated by the authentication network 101. With that authentication, the mobile radio equipment 103 is allowed to access the authentication network 101 and to setup data connections with it via the wireless connection 102. The accounts data module 108 is apt to be supplied with the data of at least one financial account (credit card accounts, debit card accounts, ...) that is managed by the service provider 114. The subscriber holding the mobile radio equipment 103 normally is also the accountholder of that account and can authorize to charge that account for payments. On the other hand, the service provider 114 has at least a communication address (phone number, email address, IP address, ...) associated with the accountholder, to be able to send messages and data to the mobile radio equipment 103. This communication address may be stored in the service provider unit 114 or in an external server.
Now let us assume that the accountholder carrying the mobile radio equipment 103 buys a good or a service at the Point of Sale 112 and that he selects one of the accounts listed in the accounts data module 108 to pay the corresponding amount of money. Let us also assume that the selected account is provided and managed by the service provider 114.
Fig. 2 shows the main phases of an exemplary implementation of the method according to a first embodiment of the present invention. The main phases of the payment method according to the present invention are as follows.
Phase A: The mobile radio equipment 103 provides the Point of Sale 112 with the payment credentials (e.g. credit card number, account to charge).
Phase B: The Point of Sale 112 requests the payment transaction from the service provider 114.
Phase C: The service provider 114, through the path C1 and C2 traversing the authentication network 101, sends a transaction authorization request to the accountholder (that is, to the accountholder's mobile radio equipment 103).
Phase D: The accountholder authorizes or denies the payment transaction and the mobile radio equipment 103 forwards his decision to the Point of Sale 112.
Phase E: The Point of Sale 112 forwards the accountholder's decision to the service provider 114, and, accordingly, the service provider 114 carries out or declines the payment transaction.
The above phases, as depicted in Fig. 2, are arranged in a counter-clockwise loop, where over the connection between the authentication network 101 and the mobile radio equipment 103 the data transmission takes place in the downlink only. This ensures a high security level and does not require the accountholder to place any phone call, nor to send any kind of message over cellular networks, nor to bear any transmission cost.
Fig. 3A shows a block diagram of the environment of the present invention according to a first embodiment. Fig. 3A shows a block diagram of the environment as depicted in Fig. 1 or Fig. 2. In particular, messages M1 - M4 and the authorization message or messages AM which are sent between the units of Fig. 1 and Fig. 2 are clearly depicted in Fig. 3A.
The detailed payment procedure may include the following steps.
Step S1: The customer (accountholder) and the merchant agree on the amount of money to transfer and on the relevant statement to produce (receipt, invoice).
Step S2: The merchant inputs the appropriate data on the Point of Sale terminals (possibly through a cash register).
Step S3: On the mobile radio equipment 103, if needed the accountholder selects the account to charge and activates the short range communication module 104 and the long range connection 102 to the authentication network 101 (the activation of connection 102 in general is not required, as it is usually always on).
Step S4: From the accounts data module 108, through connection 109 and by the short range communication module 110 through connection 111, a first message (customer account message) M1 is sent to the Point of Sale 112 containing the data of the customer account to charge (e.g. credit card number).
Step S5: The Point of Sale 112 sends to the service provider 114 via connection 113 a second message (payment information) M2 with the relevant payment request, including a transaction identification code.
Step S6: By means of the short range communication system, the Point of Sale 112 optionally sends to the mobile radio equipment 103 a third message M3 containing at least said transaction identification code; optionally said third message M3 includes transaction details to be displayed by the mobile radio equipment 103 for customer information.
Step S7: The service provider 114 checks if said payment request by the Point of Sale 112 can be charged on the indicated account and if the transaction is not acceptable, the service provider 114 may send to the Point of Sale 112 an information message notifying that the transaction is denied. Optionally the service provider 114 sends to the mobile radio equipment 103 an information message as well, to inform the customer that a transaction request has been denied; in this case the payment procedure ends here. If the transaction is acceptable to the service provider 114, the service provider 114, through connection 115, the authentication network 101, and connection 102, sends to the mobile radio equipment 103 a fourth message (payment authorization message) M4 requesting the payment authorization and optionally containing said transaction identification code, a transaction authorization code, and/or optionally a transaction denial code. Optionally said fourth message includes transaction details to be displayed by the mobile radio equipment 103 for customer information. Both said transaction authorization code and said transaction denial code are created by the service provider 114 in a format that allows the service provider 114 to identify the relevant financial transaction.
Step S8: The mobile radio equipment 103 optionally displays said authorization request and possibly additional information about the transaction that can be picked up from said third message M3 and/or said fourth message M4, according to said transaction identification code.
Step S9: The accountholder, through the human interface of the mobile radio equipment 103, authorizes or denies the transaction. Optionally this can be performed automatically without any user input.
Step S10: The mobile radio equipment 103, by the short range communication module 110, sends to the Point of Sale 112 an authorization message AM containing at least said transaction authorization code or said transaction denial code, according to the customer input.
Step S11: The Point of Sale 112 forwards to the service provider 114 the authorization message AM containing at least said transaction authorization code or said transaction denial code, according to the content of said authorization message AM received by the mobile radio equipment 103. The authorization message AM can be forwarded to the service provider 114 as it is received from the mobile radio equipment 103 or can be restructured by the Point of Sale 112.
Step S12: If said authorization message AM contains said transaction denial code, the service provider 114 can send to the Point of Sale 112 and to the mobile radio equipment 103 an information message notifying that the transaction has not been authorized by the accountholder, and the payment procedure ends.
Step S13: If said authorization message AM contains said transaction authorization code, the service provider 114 carries out the transaction and sends to the Point of Sale 112, and optionally to the mobile radio equipment 103, an information message notifying that the transaction has been successfully completed. The Point of Sale 112 optionally prints out the due transaction statement, and the procedure ends.
Step S14: If the service provider 114 does not receive a valid answer to an authorization request before a timeout T1 expires, the procedure resumes at step S7, where the service provider 114 reiterates the authorization request; after a number Nr of such reiterations without receiving a valid answer, the service provider 114 sends to the Point of Sale 112, and optionally to the mobile radio equipment 103, an information message notifying that the payment transaction has aborted because of missing authorization, and the payment procedure ends.
Since the fourth message M4 traverses the authentication network 101, it is implied that the subscriber identity contained in the subscriber identity module 106 is authenticated by the authentication network 101. Therefore, the transaction authorization code forwarded by the Point of Sale 112 to the service provider 114 can be considered trustworthy, that is, it can be considered as actually coming from the legitimate accountholder of the account to charge.
The authentication network 101 can be a modern cellular network of the third or higher generation and the mobile radio equipment 103 can be a "smart cellular phone", which has been provided with an accounts data module 108 and a short range communication module 110 e.g. of the NFC (Near Field Communication) technology. Considering that the transmissions between the authentication network 101 and mobile radio equipment 103 occur in the downlink only, very high transmission rates can be used. Moreover it would be easy for a service provider to get transmission priorities for its originated communications and avoid delays due to network congestions, therefore with this kind of equipment the time to communicate data over connection 102 can be very short.
Fig. 3B shows a block diagram of an environment of the invention according to a second embodiment. In Fig. 3B, the messages M1 - M4 and the authorization message or messages AM are depicted in detail.
In an embodiment of the present invention which can optionally be based on the first embodiment, the mobile radio equipment 103 sends back the accountholder's response directly to the service provider via the authentication network 101 by an authorization message AM. In this case the customer buying goods or services at the Point of Sale 112 may be someone else other than the accountholder, and the accountholder with its mobile radio equipment may be far from the Point of Sale 112, provided that the buyer at the Point of Sale 112 has means to give to the Point of Sale 112 the details of the account to charge. If instead the mobile radio equipment 103 is within the range of the short range communication module 110, all the data, including the transaction authorization code, can be sent to the mobile radio equipment 103 through the short range communication module 110. The data sent by the service provider 114 can be transmitted, in fact, through the connection 113, the Point of Sale 112, and the connection 111. In this case, over the connection 102, information data are transmitted in the uplink only, but the authentication features of the authentication network 101 are exploited as well, as those skilled in the art can understand.
According to a third embodiment which can be at least partly based on the second embodiment, the transaction authorization code and the transaction denial code can be checked at the Point of Sale 112, assuming that in this case all the necessary data for this check are available at the Point of Sale 112, as said below. Thus, on receiving said authorization message AM from the mobile radio equipment 103, the Point of Sale 112 can detect if the customer has authorized or denied the payment transaction and deliver or not deliver the goods or the services.
Then the Point of Sale 112 forwards to the service provider 114 the transaction authorization code or the transaction denial code received with said authorization message AM to allow the service provider 114 to do the check as well. In this case the time to deliver goods or services is shorter.
The third embodiment implies that the service provider 114, while sending the transaction authorization code and the transaction denial code, accompanied by the relevant transaction identification code, to the mobile radio equipment 103, through the authentication network 101 (Step S7, fourth message, of the payment procedure), sends the same data to the Point of Sale 112, through connection 113.
Hence, the method of the present invention offers a high degree of security.
Finally, with the first embodiment of the present invention, the buyer is not required to place any phone call, nor to send any kind of message over cellular networks, nor to bear any transmission cost. Furthermore, in an embodiment, the buyer does not perform any interaction other than moving the mobile radio equipment in front of the point of sale.
As alternatives to NFC, or as complementary technologies, in the mobile radio equipment 103 one can have WiFi, Bluetooth, Infrared, ultrasound systems or other short range communications means. Relying on the authentication mechanism of a cellular network for the confirmation of the cardholder identity, as said above, makes the customer operation very simple. For instance, the customer can authorize or deny the transaction by simply pressing a key or waving the phone in front of the Point of Sale terminal.
However, if a higher security level is required, to counteract, for instance, a possible usage of a just stolen phone, some improvement can be introduced. In this case, instead of authorizing the transaction by a simple confirmation, the customer could be asked to enter a PIN (Personal Identification Number). That PIN would be sent, together with the transaction authorization code or the transaction denial code, to the Point of Sale 112 and, by the Point of Sale 112, forwarded to the service provider 114 for a security check (how PINs can be used is well known by those skilled in the art). In this case, however, it would not be advisable to execute the identity checks at the Point of Sale 112, unless complex encryption and decryption mechanisms are implemented in the mobile radio equipment 103, the Point of Sale 112, and the service provider 114.
An additional security measure can be introduced by sending the response to the authorization request directly to the service provider 114, in addition to said authorization message AM conveyed by the Point of Sale 112. In this case the mobile radio equipment 103, by the short range communication module 110, sends to the Point of Sale 112 an authorization message AM containing at least said transaction authorization code or said transaction denial code and, at the same time, the mobile radio equipment 103 sends also a message containing at least said transaction authorization code or said transaction denial code to the service provider 114, through connection 102, authentication network 101, and connection 115.
This ensures that a legitimate accountholder wanting to deny a payment authorization can send his denial to the service provider 114 from wherever he is. If the response to the authorization request coming to the service provider 114 from the authentication network through connection 115 is consistent with the response coming from the Point of Sale through connection 113, the service provider 114 goes on with a regular authorization or denial of the payment transaction. If instead the two responses are inconsistent, the service provider 114 stops the payment procedure and sends alert messages, notifying the inconsistency, to both the accountholder and the Point of Sale 112.
An interesting adaptation of the present invention is with "Unattended Point of Sales". As an example, consider as Unattended Point of Sales a gas meter of a house that can be rented for short periods of time.
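The service provider side of steps S5 to S14 and of the two-channel consistency check just described, as an added example that is not part of the patent text. The HMAC-derived codes, the class and method names, and the rule that a closed transaction ignores later messages are assumptions; the description only requires that the codes let the service provider identify the transaction.

```python
import hashlib
import hmac
import secrets
from enum import Enum


class Outcome(Enum):
    PENDING = "pending"            # no final decision yet
    AUTHORIZED = "authorized"      # step S13: transaction carried out
    DENIED = "denied"              # step S12: accountholder refused
    INCONSISTENT = "inconsistent"  # channels 113 and 115 disagree: stop, alert
    ABORTED = "aborted"            # step S14: no valid answer after Nr retries


class ServiceProvider:
    """Hypothetical model of service provider unit 114 (not the patent's code)."""

    def __init__(self, max_retries=2, dual_channel=False):
        self._key = secrets.token_bytes(32)  # assumption: provider-held secret
        self.max_retries = max_retries       # "Nr" in step S14
        self.dual_channel = dual_channel     # expect AM on both 113 and 115
        self._txns = {}

    def _code(self, txn_id, decision):
        # Assumption: a code is an HMAC over the transaction id, a fresh nonce
        # and the decision, so it is unguessable and valid for one transaction.
        nonce = self._txns[txn_id]["nonce"]
        msg = f"{txn_id}|{nonce}|{decision}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]

    def _m4(self, txn_id):
        return {"txn_id": txn_id, "amount": self._txns[txn_id]["amount"],
                "auth_code": self._code(txn_id, "authorize"),
                "denial_code": self._code(txn_id, "deny")}

    def handle_m2(self, txn_id, account, amount):
        """Steps S5 and S7: accept M2 from the Point of Sale, return M4."""
        if txn_id in self._txns:
            raise ValueError("transaction identification code already used")
        self._txns[txn_id] = {"nonce": secrets.token_hex(8), "account": account,
                              "amount": amount, "retries": 0, "answers": {},
                              "outcome": Outcome.PENDING}
        return self._m4(txn_id)

    def _classify(self, txn_id, code):
        for decision in ("authorize", "deny"):
            expected = self._code(txn_id, decision)
            if hmac.compare_digest(code.encode(), expected.encode()):
                return decision
        return None  # neither code: not a valid answer

    def receive_am(self, txn_id, code, channel):
        """Steps S11 to S13. channel is "pos" (113) or "network" (115)."""
        txn = self._txns[txn_id]
        if txn["outcome"] is not Outcome.PENDING:
            return txn["outcome"]  # closed: a late or replayed AM changes nothing
        decision = self._classify(txn_id, code)
        if decision is None:
            return Outcome.PENDING
        txn["answers"][channel] = decision
        if len(set(txn["answers"].values())) > 1:
            txn["outcome"] = Outcome.INCONSISTENT
        elif self.dual_channel and len(txn["answers"]) < 2:
            return Outcome.PENDING  # wait for the other channel
        else:
            txn["outcome"] = (Outcome.AUTHORIZED if decision == "authorize"
                              else Outcome.DENIED)
        return txn["outcome"]

    def on_timeout(self, txn_id):
        """Step S14: T1 expired. Returns (outcome, M4 to resend or None)."""
        txn = self._txns[txn_id]
        if txn["outcome"] is not Outcome.PENDING:
            return txn["outcome"], None
        if txn["retries"] >= self.max_retries:
            txn["outcome"] = Outcome.ABORTED
            return Outcome.ABORTED, None
        txn["retries"] += 1
        return Outcome.PENDING, self._m4(txn_id)


def run_scenarios():
    """Constructed transactions; returns the outcome of each scenario."""
    results = {}
    sp = ServiceProvider(dual_channel=True)
    m4 = sp.handle_m2("TXN-0001", "ACCT-CONSTRUCTED", "25.00")
    sp.receive_am("TXN-0001", m4["auth_code"], "pos")
    results["split"] = sp.receive_am("TXN-0001", m4["denial_code"], "network")
    m4 = sp.handle_m2("TXN-0002", "ACCT-CONSTRUCTED", "9.90")
    sp.receive_am("TXN-0002", m4["auth_code"], "pos")
    results["agree"] = sp.receive_am("TXN-0002", m4["auth_code"], "network")
    sp.handle_m2("TXN-0003", "ACCT-CONSTRUCTED", "4.00")
    for _ in range(sp.max_retries + 1):
        results["silent"], _resend = sp.on_timeout("TXN-0003")
    return results


if __name__ == "__main__":
    print({name: outcome.value for name, outcome in run_scenarios().items()})
```

In the "split" scenario the Point of Sale relays an authorization while the accountholder's own denial arrives over the authentication network, so the transaction stops as inconsistent instead of being charged.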
In this case, steps S1 and S2 of the above payment procedure are predetermined by the Utility Companies. On taking occupancy of the house, the lessee selects on his phone the Utility Company he wants to contact and the account he wants to charge, and waves his phone in front of the meter. With due regard to the necessary modifications, the procedure goes on as in the case of attended Point of Sales, and, in the case of payment authorization, at the end of the procedure the Utility Company turns on the gas supply.
When the lessee leaves the rental, the same procedure applies, but considering that the gas supply is on. In this case the service provider checks if the request is coming from the same user who is paying the bill of the current supply and in the negative case rejects the request, while in the positive case it sends to the customer an authorization request to stop the gas supply. In case of denial by the customer the gas supply is left on, while in case of authorization by the customer the Utility Company turns off the gas supply. Among the modifications of the procedure that can be applied in the case of Unattended Point of Sales, one can consider that the transaction identification code can be generated by the service provider rather than the Point of Sale, without the need to transmit it included in said second message.
The adaptation and the application of the present invention to Unattended Points of Sales has been described with reference to gas meters for the sake of easiness, but this is only an illustrative example and it is not intended to be in any way limiting the adaptation and the application of the present invention to many other cases of points of sales.
Many other variations of the invention will become apparent to those skilled in the art upon review of the disclosure. Therefore the above description is to be considered illus- trative and not restrictive.
According to a further aspect of the invention, which can be based on any of the embodiments, if a short range connection 111 is not available, the mobile radio equipment 103 forwards the response to the service provider 114 over the authentication network 101.
According to the invention a service provider device is provided comprising: a third communications system apt to transmit and receive data through at least a fixed line or a wireless line 113, and a fourth communications system apt to set up a connection 115 with an Authentication Network 101. Through said third communications system, a second message (M2) including a transaction identification code and a financial transaction request is received. A fourth message (M4) is sent as an authorization indication to a mobile radio equipment 103 via said Authentication Network 101. An authorization message (AM) is received from said mobile radio equipment 103. A payment is allowed to the point of sales 112 if a final authorizing message FA is received from the service provider unit.
According to an aspect of the above described service provider device, a transaction authorization code and a transaction denial code are generated. Said transaction authorization code and said transaction denial code are sent to said mobile radio equipment 103 via said Authentication Network 101. Said transaction authorization code or said transaction denial code is received. The authenticity of said received transaction authorization code or said received transaction denial code is checked. A payment to the point of sales 112 is allowed if said transaction authorization code is received.
According to an aspect of the above described service provider device, said authorization message AM from said mobile radio equipment 103 is received through said third communications system over said fixed line or wireless line 113, or is received through said fourth communications system over said connection 115 with said Authentication Network 101, or is received through both said third communications system and said fourth communications system.
According to an aspect of the above described service provider device, said authorization message AM is received through both said third communications system and said fourth communications system. Said payment to the point of sales 112 is allowed only if both the message received through said third communications system and the message received through said fourth communications system are authorizing messages.
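The service provider behaviour described above (issue an authorization code and a denial code on M2, check the authenticity of whichever code comes back in AM, and optionally require authorizing messages on both channels) can be sketched as follows. This is an added example, not code from the patent: the class and method names, the random hex codes and the in-memory store are assumptions, since the description does not say how codes are generated or checked.

```python
import hmac
import secrets

class ServiceProvider:
    """Hypothetical model of the service provider device (114)."""

    def __init__(self):
        self._pending = {}  # transaction id -> {"auth": code, "deny": code}

    def on_m2(self, txn_id):
        """On M2, create both one-time codes and return the M4 payload."""
        if txn_id in self._pending:
            raise ValueError("transaction identification code already in use")
        # Assumption: codes are 128-bit random values; the patent does not say.
        codes = {"auth": secrets.token_hex(16), "deny": secrets.token_hex(16)}
        self._pending[txn_id] = codes
        return {"txn_id": txn_id, **codes}  # sent via the authentication network

    def _classify(self, txn_id, code):
        """Authenticity check: the code must match one issued for this transaction."""
        issued = self._pending.get(txn_id)
        if issued is None:
            return "invalid"
        for verdict in ("auth", "deny"):
            if hmac.compare_digest(issued[verdict].encode(), code.encode()):
                return verdict
        return "invalid"

    def decide(self, txn_id, via_pos=None, via_network=None, require_both=False):
        """Evaluate AM copies from line 113 (via_pos) and connection 115 (via_network)."""
        received = [c for c in (via_pos, via_network) if c is not None]
        verdicts = [self._classify(txn_id, c) for c in received]
        self._pending.pop(txn_id, None)  # codes are single use, so replays fail
        if not verdicts or (require_both and len(verdicts) < 2):
            return False
        return all(v == "auth" for v in verdicts)  # any deny/invalid blocks payment

def demo():
    sp = ServiceProvider()
    m4 = sp.on_m2("TXN-0001")  # constructed transaction id
    first = sp.decide("TXN-0001", via_pos=m4["auth"], via_network=m4["auth"], require_both=True)
    replay = sp.decide("TXN-0001", via_network=m4["auth"])
    return first, replay

if __name__ == "__main__":
    print(demo())
```

The sketch fails closed: a missing channel under the two-channel policy, a denial code, an unknown code or a replayed code all leave the payment disallowed.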

Claims
1. Method of authorizing mobile payments by means of a mobile radio equipment (103), comprising the steps of:
- providing a point of sales unit (112) with a first message (M1) including payment credentials by the mobile radio equipment (103),
- generating a transaction identification code by the point of sales unit (112) or by the mobile radio equipment (103) and forwarding the transaction identification code included in a second message (M2) to a service provider unit (114);
- sending a fourth message (M4) as an authorization indication from the service provider unit (114) to the mobile radio equipment (103) via an authentication network (101),
- authorizing a payment based on the transaction identification code by sending an authorization message (AM) from the mobile radio equipment (103) to a service provider unit (114); and
- allowing a payment to the point of sales (112) if the service provider (114) has received an authorizing message (AM).
2. Method according to claim 1, comprising the step of:
- authorizing a payment based on the transaction identification code by sending the authorization message (AM) from the mobile radio equipment (103) to a service provider unit (114) via the point of sales unit (112) or via the authentication network (101);
3. Method according to claim 1, or 2, comprising the steps of:
- authorizing a payment based on the transaction identification code by sending an authorization or a denial message from the mobile radio equipment (103) to a service provider unit (114).
4. Method according to claim 3, comprising the steps of:
- sending a transaction authorization code and a transaction denial code from the service provider unit (114) to the mobile radio equipment (103) via the authentication network (101), based on which the mobile radio equipment (103) respectively sends the authorization or denial message to the service provider unit (112).
5. Method according to any one of the claims 1 to 4, wherein the authentication network (101) and/or the connection (102) is based on a cellular network like a GSM, CDMA, UMTS, LTE network.
6. Method according to any one of the claims 1 to 5, wherein the communication connection (111) is a short range communication connection.
7. Method according to any one of the claims 1 to 6, wherein if a short range connection (111) is not available, the mobile radio equipment (103) is forwarding the response to the service provider (114) over the authentication network (101).
8. A mobile radio equipment comprising:
memory means (108) for storing at least payment credentials of at least one financial account,
a long range wireless communication module (104) for receiving messages from a wireless communications network (101) and for receiving a fourth message (M4) including a transaction authorization indication, and
a short range wireless communication module (110) for transmitting and receiving data, for transmitting a first message (M1) including said payment credentials and for sending an authorization message (AM) through said second wireless communications system.
9. A mobile radio equipment according to claim 8, further comprising:
a human interface allowing at least a presentation of two alternatives and a choice between them,
wherein said authorization message (AM) includes a transaction authorization code and a transaction denial code based on an input through said human interface and on said transaction authorization code or said transaction denial code, respectively.
10. A mobile radio equipment according to any one of the claims 8 and 9, wherein said first wireless communications system is based on a cellular network like a GSM, CDMA, UMTS, LTE network.
11. A mobile radio equipment according to any one of the claims 8 to 11 wherein said authorization message (AM) is transmitted through said first wireless communications module (104), if said second wireless communication module (110) is not available.
12. A point of sale device comprising:
a short range wireless communication module (112a) for transmitting and receiving data, for receiving a first message (M1) including payment credentials through said short range wireless communication module, and for receiving an authorization message (AM) including a transaction authorization indication, and
a communication module (112b) for transmitting and receiving data through at least a fixed line or a wireless line (113), for transmitting a second message (M2) including said transaction identification code and a financial transaction request and for receiving notification of payment transaction completed or payment transaction denied.
13. A point of sale device according to claim 12, wherein said authorization message (AM) is forwarded through said communication module.
14. A point of sale device according to claim 12 or 13, wherein security data needed to check the authenticity of said message is received through the communication module and the authenticity of said authorization message (AM) is checked.
15. System for authorizing mobile payments, comprising:
at least one mobile radio equipment (103),
a point of sales unit (112);
a service provider unit (114);
wherein the point of sales unit (112) is adapted to receive a first message (M1) including payment credentials by the mobile radio equipment (103), to generate a transaction identification code and to forward the transaction identification code included in a second message (M2) to a service provider unit (114);
wherein said service provider unit (114) is adapted to send a fourth message (M4) as an authorization request to the mobile radio equipment (103) via an authentication network (101),
wherein the mobile radio equipment (103) is adapted to authorize a payment based on the transaction identification code by sending an authorization message (AM) from the mobile radio equipment (103) to a service provider unit (114),
wherein the service provider unit (114) is adapted to allow a payment to the point of sale unit (112) if it has received an authorizing message (AM).
PCT/EP2012/068919 2012-09-26 2012-09-26 Method of authorizing mobile payments WO2014048457A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/068919 WO2014048457A1 (en) 2012-09-26 2012-09-26 Method of authorizing mobile payments

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/068919 WO2014048457A1 (en) 2012-09-26 2012-09-26 Method of authorizing mobile payments

Publications (1)

Publication Number Publication Date
WO2014048457A1 true WO2014048457A1 (en) 2014-04-03

Family

ID=46934578

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/068919 WO2014048457A1 (en) 2012-09-26 2012-09-26 Method of authorizing mobile payments

Country Status (1)

Country Link
WO (1) WO2014048457A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10007518A1 (en) * 2000-02-18 2001-08-30 Deutsche Telekom Mobil Cashless payment transaction through exchange of electronic data, involves performing payment transaction based on data transferred between customer device and paying terminal through radio
US20040083168A1 (en) * 2002-07-01 2004-04-29 Rainer Kuth Payment system for cashless payment transactions
US20070130085A1 (en) * 2005-12-07 2007-06-07 Xi Zhu Method and apparatus of secure authentication and electronic payment through mobile communication tool
EP2199965A1 (en) * 2009-04-22 2010-06-23 Euro-Wallet B.V. Payment transaction client, server and system
WO2011109508A2 (en) 2010-03-03 2011-09-09 Visa International Service Association Systems and methods using mobile device in payment transaction
WO2011112158A1 (en) 2010-03-10 2011-09-15 Margento R&D D.O.O. Wireless mobile transaction system and the procedure for carrying out transactions with a mobile phone


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WEISS J: "Mobile TAN, The mobile phone replaces the TAN list", INTERNET CITATION, 28 February 2003 (2003-02-28), XP002330374, Retrieved from the Internet <URL:http://www.novosec.com/documents/eCommerce_MobileTAN_en.pdf> [retrieved on 20050602] *


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12766075

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 07.08.2015)

122 Ep: pct application non-entry in european phase

Ref document number: 12766075

Country of ref document: EP

Kind code of ref document: A1