ZA200104018B - Method of, and apparatus for, conducting electronic transactions. - Google Patents
Method of, and apparatus for, conducting electronic transactions. Download PDFInfo
- Publication number
- ZA200104018B ZA200104018B ZA200104018A ZA200104018A ZA200104018B ZA 200104018 B ZA200104018 B ZA 200104018B ZA 200104018 A ZA200104018 A ZA 200104018A ZA 200104018 A ZA200104018 A ZA 200104018A ZA 200104018 B ZA200104018 B ZA 200104018B
- Authority
- ZA
- South Africa
- Prior art keywords
- transaction
- mobile telephone
- message
- memory means
- transaction message
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 38
- 230000001413 cellular effect Effects 0.000 claims description 21
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000010200 validation analysis Methods 0.000 claims description 4
- 238000004891 communication Methods 0.000 description 5
- 230000004044 response Effects 0.000 description 4
- 238000013519 translation Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Landscapes
- Mobile Radio Communication Systems (AREA)
Description
METHOD OF, AND APPARATUS FOR, CONDUCTING ELECTRONIC
TRANSACTIONS
This invention relates to a method of, and apparatus for, conducting electronic transactions and more particularly, but not exclusively, to a method of and apparatus for conducting secure electronic transactions over a telephone network, such as a cellular telephone network. ’
The use of telephones to conduct electronic financial transactions is well known in the art. Most commonly, Duel-Tone Multi-Frequency (DTMF) communication protocols of telephones are used to provide customers with access to banking services. This type of facility is only available to customers of a particular financial institution. Thus, only a closed system is available and customers have to link third party accounts to their financial institutions to, for example, transfer funds to third party accounts.
The linking of third party accounts provides security in that customers do not have to manually enter third party account numbers every time a third party account is paid.
Incorrect entry of account numbers is avoided by linking third party accounts to a customer’s financial institution. This linking process is cumbersome and limiting for customers and financial institutions and only linked accounts can be paid by customers. Telephonic banking further provides for the purchase of goods or services by quoting a credit card number. In this case the credit card is not physically available to a merchant to read the card magnetically or to make a manual print or copy and this creates a difficulty from a security and authorisation perspective. With credit card transactions, the customer’s financial institution pays the merchant or third party and accepts at least .
partial liability in the case that the customer does not pay their credit card account. This type of transaction is also commonly used to purchase goods on the Internet. Pre-paid cellular airtime can also be purchased over a cellular telephone by providing a credit card number. Goods and services purchased are limited to those provided by a cellular service provider or those available on the Internet and, as stated above, a difficulty arises in that the financial institution incurs liability for payment.
Automatic Teller Machines (ATM's) provide a means for secure electronic banking. At an ATM, a card reader reads a bank card and a secret Personal Identification Number (PIN) is provided by a customer to authorise the transaction. Transaction messages are sent to switches or directly to banks or other financial institutions. These transaction messages are encrypted at a security level that is acceptable to financial institutions.
ATMs are not readily accessible and are installed in fixed locations. Customers are also restricted at an ATM in that they cannot pay accounts which are not linked to their banking profile.
Objective of the Invention
It is an object of this invention to provide a method of, and apparatus for, conducting electronic transactions which, at least partially, alleviates some of the abovementioned difficulties.
In accordance with this invention there is provided a method of conducting electronic transactions comprising the steps of: storing an encryption key in a memory means of a mobile telephone; selecting a financial transaction with the mobile telephone from a number of available financial transactions; providing transaction information; : generating a transaction message from the selected financial transaction and transaction information;
encrypting at least part of the transaction message; : transmitting the transaction message from the mobile telephone, over a wireless network.
A further feature of the invention provides for the transaction message to be transmitted ~ © from the mobile telephone to a receiving station such as a bank or a switch.
A still further feature of the invention provides for the mobile telephone to be a cellular telephone or a satellite telephone.
There is also provided for the transaction information to include at least one bank account number or bank card number and an associated PIN.
Further features of the invention provide for the transaction message to include information relating to the selected transaction, a bank account number or bank card 16 number and the PIN; for at least the PIN to be encrypted; and for the transaction message to include error check information to facilitate the authentication of the mobile telephone or SIM card at the receiving station and to facilitate the validation of the integrity of the ’ message at the receiving station. :
There is still further provided for the memory means to be a SIM card or to be an
Integrated Circuit (IC) memory chip or a microprocessor.
Further features of the invention provide for an encryption algorithm to be stored on the memory means; and for copies of the encryption algorithm and the encryption key to be : stored at the switch or the financial institution.
The invention extends to a mobile telephone having input means for inputting transaction information and for selecting a financial transaction from a number of available financial transactions; : memory means for storing at least an encryption key;
generating means for generating an at least partially encrypted transaction message from the transaction information, information relating to the selected financial transaction and the encryption key; and transmission means for transmitting the message over a wireless network.
There is provided for the memory means to be a SIM card; alternatively, for the memory means to be an Integrated Circuit (IC) memory chip or a microprocessor.
There is provided for at least some of the transaction information, such as a bank account "10 number or a bank card number, to be stored on the memory means.
There is provided for an encryption algorithm to be stored in the memory means and for the encryption algorithm to generate a new encryption key for each new encryption message generated.
A further feature of the invention provides for error check information to be transmitted with the message. The error check information facilitates the validation of the integrity of a transaction message received by a receiving station and also facilitates the authentication of the mobile phone or SIM card from which the message is received at the receiving station.
Further features of the invention provide for the receiving station to be a switch or a financial institution; and for the financial institution or switch to effect a financial transaction in response to receiving the message.
These and other features of the invention are described in more detail below.
A preferred method and embodiment of the invention is described below by way of example only, and with reference to the accompanying drawing, which shows a schematic block diagram of a method of and apparatus for conducting electronic transactions.
Best Mode of Carrying out the Invention A
With reference to the accompanying drawing, a method for conducting an electronic transaction is shown schematically, and apparatus for use in the method are generally indicated by reference numeral 10.
The method utilises and includes the following apparatus: a switch 12 which houses a secure translator 14, a point of sale (POS) terminal 16, a mobile telephone such as a cellular telephone 18, a financial institution 20 and at least one content provider 22.
The switch 12 is connected to at least one cellular telephone 18 via a cellular telephone network and is further connected by means of a fixed land-based communication line to at least one financial institution 20 and at least one POS terminal 16. 0
The content providers 22 subscribe to the services of the switch 12, which provides a user of a cellular telephone 18 with the means to conduct a secure electronic transaction between a content provider 22 and a financial institution 20. The switch 12 has the facility to receive transaction messages transmitted over a cellular telephone network by a cellular telephone 18 and forward the messages to a financial institution 20 with the instructions necessary to effect a transaction involving a particular content provider 22 in accordance with the transaction message. Furthermore, a transaction message received by the switch 12 contains encrypted information which is translated, by the translator 14, into an encryption format that the financial institution 20 will have the means to interpret.
A SIM card of the cellular telephone 18 has an initial encryption key and an encryption algorithm stored thereon as described below. A unique initial encryption key is generated by the switch 12 to be associated with a specific SIM card during the manufacture of the
SIM cards. Transportation of a database of initial encryption keys to a manufacturer of the SIM cards takes place in at least to distinct separate paths. Each initial encryption key is divided into at least two parts so that each part of an initial encryption key is rendered useless by itself. These divided parts are then transported via the two paths so that the transportation from the switch to the manufacturer of the initial encryption keys is secure.
The initial encryption keys are reassembled on arrival at the manufacturer of the SIM cards where a particular initial encryption key is stored on a secure zone of a particular
SIM card during the manufacturing process. A database of initial encryption keys and corresponding SIM identities is stored securely within translator 14 resident at the switch 12.
In addition to the installation of the initial encryption key on a SIM card an encryption algorithm is also stored on the SIM cards. The encryption algorithm is used to encrypt transaction messages with the use of encryption keys. Transaction messages are transmitted from the cellular telephone 18 and consist of a bank account number or bank card number and an associated PIN (referred to in this specification as the “transaction information”) and information relating to a selected transaction from a number of available choices. A menu of available choices may be displayed on a screen of the cellular telephone 18 or may be made available in any convenient manner such as in printed format. The transaction message is generated by a generating means in the mobile telephone. The generating means can be software stored in the memory means or can be dedicated hardware for generating transaction messages or a combination of both.
Once a customer has purchased a SIM card for use in a cellular telephone, a registration process is required in order to initialize a secure transaction facility. The registration process involves storing a user’s banking details such as the user’s bank account or bank card number on a secure zone of the SIM card. It is envisaged that this will take place at the POS terminal 16. Customers swipe the bank card through a magnetic strip reader at the POS terminal 16 thereby enabling the POS terminal 16 to access their banking details.
The POS terminal 16 then stores the banking details in a secure zone on the SIM card. A request for the registration of this particular SIM card identity within the system is transmitted to the switch 12 from the POS terminal 16. It will be appreciated that the banking details of a user can be transmitted for storage on the SIM card over a cellular network or can be stored on the SIM card by inserting the SIM card into a writer at the
POS terminal 16.
On receipt of the registration request message, the switch 12 validates the integrity of the . information received using error check information that authenticates the POS terminal 16 and SIM card before returning a response message that is encrypted using the same initial encryption key. The error check information is transmitted with all messages that are transmitted in the system. The error check information allows for checking of both the validity of the source of a message and the correctness of a received message.
The SIM card now validates the accuracy of the response message from the switch 12. - Both the switch 12 and SIM card, using information from both the request and response messages, update the initial encryption key using the encryption algorithm for use in the next transaction. Using an algorithm common to the SIM card and the switch, a new encryption key is derived for each new message in the system. An encryption technique such as this will ensure a different encryption key for each transaction message of each individual cellular telephone.
After registration, the cellular telephone provides a user interface that enables the user to select from a menu of financial transactions. This functionality, i.e. the structure and content of the menu, is provided in the cellular telephone firmware, using a SIM toolkit, a
Wireless Application Protocol (WAP) interface or a means provided in another format such as printed hardcopy format as described above. A hardcopy menu will have numbers corresponding to available financial transactions for keying the numbers into the input means or keypad of the mobile telephone. It will be appreciated that the input means can be electronic input means as opposed to being a keypad.
The user is prompted to select a transaction as well as a bank account or card from their banking profiles. As with transactions initiated at an Automatic Teller Machine (ATM) terminal, a bank Personal Identification Number (PIN) is requested from user to authorise the transaction. Once the transaction information has been obtained from the user, a transaction message is generated and transmitted via a cellular network to the switch 12.
The transaction message comprises an encrypted bank PIN, which is a product of the newly generated encryption key, information relating to the selected transaction as well as transaction information together with error check information.
In this embodiment, the transport mechanism for the transaction message is a Short
Message Service (SMS). On receiving the transaction message the switch 12 validates the accuracy of the transaction message by utilising the error check information and relays the instruction to the appropriate content provider 22 and/or financial institution 20. Information of a financial settlement is forward to a financial institution 20 after translation thereof by the translator 14 to an encrypted message with an encryption key that it has in common with the financial institution. All transaction messages are sent and forwarded together with error check information to ensure successful and accurate transmission and receipt.
The method of conducting electronic transactions described herein is a secure method in that at least part of the information transmitted from the mobile telephone 18 is encrypted and cannot be read if it is fraudulently intercepted. The translator used at the switch 12 is secure in that the translation process cannot be accessed or read and the translator itself cannot be opened to access the information therein. A translator as is known in the art is used. Such a translator will erase all information if it is tampered with and no electronic access to the translation process from outside such a translator is possible.
The information transmitted from the switch to a financial institution or to a content : provider is also encrypted and can not be understood if intercepted.
The transaction method is secure and customers using a mobile telephone can pay any
S third party accounts from their mobile telephones. Third party accounts do not have to be linked to a customer’s banking profile to transfer funds to these accounts. Third parties subscribe to the services of the switch 12 and do not have to be linked to a financial institution.
The invention is not limited to the precise details as described herein. For example, instead of the switch 12 being in fixed land-based communication with a financial institution 20 or content provider 22, the switch 12 can be in wireless communication with a financial institution 20 or content provider 22. Also, the memory means can be an : integrated circuit memory chip or a microprocessor having embedded memory instead of being a SIM card. The mobile phone used can be a cell phone as is known in the art or can be a satellite telephone any other portable device capable of accessing a wireless communication network. It is also unnecessary to store bank account numbers or bank card numbers on the memory means of the mobile telephone. These may be manually entered using the input means of a mobile terminal or keypad of a mobile telephone.
Claims (30)
1. A method of conducting electronic transactions comprising the steps of: storing an encryption key in a memory means of a mobile telephone; selecting a financial transaction with the mobile telephone from a number of available financial transactions; providing transaction information; generating a transaction message from the selected financial transaction and transaction information; encrypting at least part of the transaction message; transmitting the transaction message from the mobile telephone, over a wireless network.
2. A method as claimed in claim 1 in which the transaction message is transmitted from the mobile telephone to a receiving station.
} 3. A method as claimed in claim 2 in which the receiving station is a bank.
4. A method as claimed in claim 2 in which the receiving station is a switch.
5. A method as claimed in any one of the preceding claims in which the mobile telephone is a cellular telephone or a satellite telephone.
6. A method as claimed in any one of the preceding claims in which the transaction information includes at least a PIN.
7. A method as claimed in claim any one of claims 1 to 5 in which the transaction information includes at least one bank account number or bank card number.
8. A method as claimed in claim 7 wherein the bank card number or the bank account number is stored in the memory means.
9. A method as claimed in any one of the preceding claims in which the transaction message includes information relating to the selected transaction, a bank account number and a PIN.
10. A method as claimed in any one of claims 1 to 7 in which the transaction message includes information relating to the selected transaction, a bank card number and a
PIN.
11. A method as claimed in claim 8 or 9 in which at least the PIN is encrypted before transmission of the transaction message.
12. A method as claimed in any one of the preceding claims in which the transaction message includes error check information to facilitate the validation of the integrity of the transmitted message and to facilitate the authentication of the source from which the message is transmitted.
13. A method as claimed in any one of the preceding claims in which the memory means is a SIM card. :
14. A method as claimed in any one of claims 1 to 12 in which the memory means is an Integrated Circuit (IC) memory chip.
15. A method as claimed in any one of claims 1 to 12 in which the memory means is a microprocessor.
16. A method as claimed in any one of the preceding claims in which an encryption algorithm is stored on the memory means.
17. A method as claimed in claim 16 in which copies of the encryption algorithm and the encryption key are stored at the switch.
18. A method as claimed in claim 16 in which copies of the encryption algorithm and the encryption key are stored at the financial institution.
19. A mobile telephone having input means for inputting transaction information and for selecting a financial transaction from a number of available financial transactions; memory means for storing at least an encryption key; generating means for generating : an at least partially encrypted transaction message from the transaction information, information relating to the selected financial transaction and the encryption key; and transmission means for transmitting the message over a wireless network.
20. A mobile telephone as claimed in claim 19 in which the memory means is a SIM card.
21. A mobile telephone as claimed in claim 19 in which the memory means is an Integrated Circuit (IC) memory chip.
22. A mobile telephone as claimed in claim 19 in which the memory means is a Microprocessor.
23. A mobile telephone as claimed in any one of claim 19 to 22 in which an encryption algorithm is stored in the memory means.
24. A mobile telephone as claimed in claim 23 in which the encryption algorithm generates a new encryption key for each new financial transaction selected and subsequent transaction message generated.
25. A mobile telephone as claimed in any one of claim 19 to 23 in which error check information is transmitted with the transaction message.
26. A mobile telephone as claimed in claim 25 in which the error check information facilitates the authentication of the mobile telephone or SIM card and facilitates the validation of the integrity of the transaction message.
27. A mobile telephone as claimed in any one of claims 19 to 26 wherein the mobile phone transmits a transaction message to a receiving station.
28. A mobile phone as claimed in any one of claims 18 to 26 wherein the mobile telephone transmits a transaction message to a financial institution.
29. A mobile telephone as claimed in claim 27 in which the telephone transmits a transaction message to a switch or to a financial institution acting as a receiving : station.
30. A mobile telephone as claimed in claim 19 in which transaction information including a bank account number or bank card number but excluding a PIN is stored in the memory means.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| ZA200104018A ZA200104018B (en) | 1998-11-22 | 2001-05-17 | Method of, and apparatus for, conducting electronic transactions. |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| ZA986510 | 1998-11-22 | ||
| ZA200104018A ZA200104018B (en) | 1998-11-22 | 2001-05-17 | Method of, and apparatus for, conducting electronic transactions. |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| ZA200104018B true ZA200104018B (en) | 2003-07-14 |
Family
ID=30448585
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| ZA200104018A ZA200104018B (en) | 1998-11-22 | 2001-05-17 | Method of, and apparatus for, conducting electronic transactions. |
Country Status (1)
| Country | Link |
|---|---|
| ZA (1) | ZA200104018B (en) |
-
2001
- 2001-05-17 ZA ZA200104018A patent/ZA200104018B/en unknown
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2000031699A1 (en) | Method of, and apparatus for, conducting electronic transactions | |
| US20180053167A1 (en) | Processing of financial transactions using debit networks | |
| US6032135A (en) | Electronic purse card value system terminal programming system and method | |
| US6516996B1 (en) | Electronic payment system | |
| EP1772832A1 (en) | Method of making secure payment or collection transactions using programmable mobile telephones | |
| US20120303528A1 (en) | System and method for performing a transaction responsive to a mobile device | |
| WO1998034203A1 (en) | Method and apparatus for performing financial transactions using a mobile communication unit | |
| WO2001084509A2 (en) | Secure payment method and apparatus | |
| US9342664B2 (en) | Method to make payment or charge safe transactions using programmable mobile telephones | |
| GB2357618A (en) | Transaction system | |
| US20020026413A1 (en) | Mobile real-time data processing system for use during delivery of products | |
| AU2020201984B2 (en) | Transaction security | |
| EP2316101A1 (en) | Method and system for managing financial transactions | |
| US20040210529A1 (en) | Method of making a monetary transaction between a customer and a merchant | |
| CA2856282C (en) | Method for carrying out a transaction, corresponding terminal and computer program. | |
| EP1906349A1 (en) | Payment and transaction system using digital mobile telephones | |
| ZA200104018B (en) | Method of, and apparatus for, conducting electronic transactions. | |
| KR100928412B1 (en) | Payment processing system using virtual merchant network | |
| KR20090004833A (en) | System for processing settlement of paymen of card related online account | |
| KR101004078B1 (en) | Method for Repayment of Charging Amount of Card Related Online Account | |
| EP1308912A2 (en) | Method and apparatus for crediting debit service accounts | |
| KR100897065B1 (en) | Method for Processing Charging Card Related Online Account | |
| Keller et al. | Mobile Electronic Commerce | |
| KR20080096637A (en) | System and method for processing payment | |
| KR20090007544A (en) | System for processing charging card related online account |