WO2005024677A1 - Method and system for transactions over a cellular mobile telephone network - Google Patents

Method and system for transactions over a cellular mobile telephone network Download PDF

Info

Publication number
WO2005024677A1
WO2005024677A1 PCT/EP2004/008677 EP2004008677W WO2005024677A1 WO 2005024677 A1 WO2005024677 A1 WO 2005024677A1 EP 2004008677 W EP2004008677 W EP 2004008677W WO 2005024677 A1 WO2005024677 A1 WO 2005024677A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
message
data
credit card
user
Prior art date
Application number
PCT/EP2004/008677
Other languages
French (fr)
Inventor
Fabrizio Ferrante
Nicola Sciannimanico
Original Assignee
Fabrizio Ferrante
Nicola Sciannimanico
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fabrizio Ferrante, Nicola Sciannimanico filed Critical Fabrizio Ferrante
Publication of WO2005024677A1 publication Critical patent/WO2005024677A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229Use of the SIM of a M-device as secure element
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/342Cards defining paid or billed services or quantities
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/02Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices
    • G07F7/025Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by keys or other credit registering devices by means, e.g. cards, providing billing information at the time of purchase, e.g. identification of seller or purchaser, quantity of goods delivered or to be delivered
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/83Notification aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M15/00Arrangements for metering, time-control or time indication ; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/83Notification aspects
    • H04M15/84Types of notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/81Notifying aspects, e.g. notifications or displays to the user
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04MTELEPHONIC COMMUNICATION
    • H04M2215/00Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/81Notifying aspects, e.g. notifications or displays to the user
    • H04M2215/8129Type of notification

Definitions

  • the present invention relates to a method and to a system or apparatus for transactions over a mobile or fixed telephone network.
  • Technological development in recent years and the diffusion of low-cost data communications tools have changed radically the way of operating on the market both as regards the trade of tangible and intangible property and as regards banking-related or asset-management operations.
  • the worldwide diffusion of data communications networks and of telephone networks together with the exponential growth of the number of users connected to these networks, has opened, and is still opening, new possibilities of application, creating new needs also from a commercial standpoint and revolutionizing the preliminary behaviors related to the normal purchase/sale and customer/supplier relationship.
  • the payment methods mentioned above are unable to offer these assurances fully, and therefore there is the strongly felt need, in the current art, to have a more advanced transaction management system that provides, together with practicality in use and security, assurance against the risks that the user runs by subscribing to a conventional means of payment.
  • the aim of the present invention is therefore to provide a data communications method that overcomes the risks and burdens correlated to a conventional means of payment and can also be applied in different operating contexts requiring the exchange of information between a user and a service provider, therefore not only in the context of purely financial transactions.
  • An object of the present invention is to provide a system that allows any kind of transaction by means of a credit/debit card, providing assurance to the cardholder against unauthorized uses of the card and to the goods or service provider as to the correctness of the transaction, in which the system uses a dialog between a party interested in purchasing given goods or a given service, his or her credit institution where he or she has deposited funds, and a party providing given goods or a given service.
  • a further object of the invention is to create a method for protecting confidential information sent by means of mobile telephone systems.
  • a further object is to protect the owner of exploitation rights on a given work, be it multimedia work or software, against unauthorized uses of the work.
  • a method for performing transactions preferably of a monetary type or involving critical data, over a mobile telephone network, comprising the steps of: receiving a request for transaction from a user toward a supplier, including identification data; identifying, by means of the received identification data, a corresponding mobile telephone number associated with the user; sending a message requesting confirmation of the transaction to the mobile telephone number; receiving and verifying a message returned from the mobile telephone in response to the confirmation request message.
  • a system for performing transactions mainly of the monetary type or involving critical data, over a mobile telephone network, comprising a means for receiving a transaction request from a user toward a supplier, including identification data; a means for identifying, by means of the identification data, a corresponding mobile telephone number associated with the user; a means for sending a transaction confirmation request message to the mobile telephone number; a means for receiving and verifying a return message from the mobile telephone in response to the confirmation request message.
  • the message requesting confirmation of the transaction and/or the return message are messages of the SMS or MMS type.
  • the identification data include data identifying an amount and data identifying a credit card, which can be of the conventional or single-use type.
  • the single-use credit card number is received and stored on a mobile telephone by means of a function of a software component for the management of credit cards.
  • the return message is generated by means of a shortcut function that can be retrieved by the software component, which can be implemented in a SIM card of the mobile telephone.
  • FIG. 1 is a block diagram of a preferred embodiment of the present invention, applied to the protection of distributed multimedia content, using a dedicated SIM card
  • Figure 5 is a block diagram of a preferred embodiment of the present invention, applied to the protection of computer software.
  • Figure 6 is a block diagram showing an example of encryption for the protection of multimedia content.
  • a customer or user owns a cellular telephone 2 of the GSM (Groupe Special Mobile) or UMTS (Universal Mobile Telecommunications System) type, or a satellite telephone or a telephone based on another technology, equipped with various slots suitable to receive one or more SIM (Subscriber Identity Module) cards 1 or another hardware device, also provided with a data input/output device, for example an infrared data communications port or a data communications port based on Bluetooth, W-LAN, WiFi or other wireless technology.
  • GSM Groupe Special Mobile
  • UMTS Universal Mobile Telecommunications System
  • SIM Subscriber Identity Module
  • GDTS Generic Device Transaction System
  • the dedicated GDTS software and/or hardware can be implemented on a conventional SIM card 1 or in the mobile telephone device 2 itself.
  • the GDTS can also be a dedicated device, designated by the reference numeral 16 in Figure 1. In the continuation of the description, reference will be made therefore equally to a mobile telephone provided with GDTS software/hardware functions or to the dedicated GDTS device 16.
  • the mobile telephone 2 is capable of sending and receiving data over a telephone network 4, preferably a mobile telephone network 4, by means of an antenna 3 located proximate to the user or via satellite, particularly in order to exchange data with an institution provided with a validation system 5.
  • the institution is a banking institution or in any case another financial institution where the customer has at least one current account.
  • a first function of the GDTS is to store or generate, in an appropriate password- protected memory area, single-use transaction numbers, termed herein OSTCs (One- Shot Transaction Certificate).
  • the single-use data generation algorithm may be any, as is known from the prior art, provided that it ensures determinism and non-ambiguity of the result.
  • the OSTCs can also be generated beforehand and assigned by the banking system or institution to the GDTS unit and destroyed, for security purposes, after their single use.
  • the institution can thus provide a generation algorithm or directly the individual identification numbers of the OSTCs, sending them preferably in an encrypted manner to the mobile telephone 2 of the user.
  • the institution associates the SIM cards 1 of registered customers with a universal unique bank code, termed herein WBC (World Bank Code).
  • WBC World Bank Code
  • a mainframe termed BMS (Bank Mainframe System) 5, and an archive or database (DB) 6, which stores the banking details of the customers with the data related to the accounts, including the remaining credit available on each account, is housed or accessible at the banking system or institution.
  • BMS Bank Mainframe System
  • DB database
  • customer details which also include the mobile telephone numbers of the SIM cards 1 in association with the WBC and with the current account details of the user.
  • the part of the diagram related to the supplier of the goods or services is represented by a terminal 8 and by a display 9 on which it is possible to view the amount of the transaction in progress.
  • the term "supplier" designates any organization providing a service requiring a monetary transaction or even just a generic data transaction from a user who requests the service, where the transaction requires verification and validation on the part of the validation system 5.
  • the terminal 8 can be a conventional POS (Point Of Sale), a terminal for reading conventional credit/debit cards, or another data processing device in which the information related to a transaction can be entered and stored.
  • the POS is connected to a public or private fixed or cellular or satellite communications network or channel 7, by means of which the data related to the transaction are sent to the private network of the banking institution so that they reach the BMS 5.
  • the data related to the articles or services to which the user transaction relates, and the associated prices, are obtained from data entry devices, such as for example keyboards, bar code readers, scanners, RFIDs, or the like.
  • the communications side 10 related to the supplier is not discussed in further detail, because those are technologies well known in the art. With reference to the flowcharts shown in Figures 2 and 3, the operation of the system according to the present invention is as follows. In a first step, the user purchases goods or services from a supplier.
  • the terminal 8 of the supplier is equipped with an appropriately provided device for reading and acquiring the number of the credit/debit card by means of the classic "swiping" of the credit/debit card (step 101).
  • the credit/debit card number is then sent to the BMS 5 together with the data related to the transaction in progress (such as for example the detailed list of the individual products or services purchased by the user, the individual amounts, the total amount of the transaction, the date and time when the transaction occurred), and other data related to the supplier (such as for example company name, city and address), as shown in the block 102 in Figure 2.
  • Figure 2, case B illustrates a flowchart related to a situation in which the user purchases goods or services from an Internet site of a supplier.
  • the total amount to be paid is displayed on the terminal of the user (step 103).
  • the user selects on his mobile device with GDTS technology 2 an appropriately provided function, which can be accessed by entering a user identification code and a password, which is present in the GDTS in order to retrieve a one-shot transaction code OSTC (step 104) previously purchased from his bank and stored in an appropriately provided protected memory space provided on the SIM 1 or in the hardware of the GDTS.
  • OSTC code number is set over the Internet to the server of the supplier, indicating the amount of the transaction.
  • case D illustrates a flowchart in the situation in which the user purchases goods or services from an Internet site of a supplier or in the case of a conventional purchase in the real world or by telephone. After filling the "virtual" shopping cart with the selected products, or for conventional purchases, the total amount to be paid is shown on the terminal of the supplier (step 130).
  • the user selects, on his mobile device with GDTS technology 2, an appropriately provided function, which can be accessed by entering a user identification code and a password, which is present in the GDTS in order to retrieve a one-shot transaction code number OSTC (step 130).
  • OSTC number Once the OSTC number has been retrieved from the GDTS, it is filled in with the details of the payment (amount, beneficiary of the payment, WBC of the beneficiary) (step 131), and sent (step 132) over the mobile telephone network 4.
  • the BMS 5 (step 133) verifies key data, termed DSK (Data Security Keys), of the transaction.
  • the BMS 5 queries the DB 6, identifying the cellular telephone number that corresponds to the OSTC, and assesses the credit available.
  • DSK Data Security Keys
  • the available credit If the available credit is sufficient, it sends an SMS/MMS of the SBCR (SMS Bank Confirmation Reply) type to the user, requesting confirmation of the transaction (step 116).
  • the BMS 5 remains in standby (step 117), waiting for reception of the SBCR, for a specific time starting from when the user sends the transaction acceptance request message. If the SBCR is not received before this period of time elapses, the BMS 5 assumes that the user has refused (step 118) the terms of the transaction in progress and terminates it (step 136), possibly also canceling the corresponding OSTC. If the SBCR is accepted, the BMS 5 verifies that all the DSK (Data Security Keys) match.
  • DSK Data Security Keys
  • the BMS 5 If the DSK are accepted on the basis of the data in the DB 6, the BMS 5 generates a credit for the amount of the transaction on the WBC account of the supplier, sending a confirmation SMS/MMS and/or an e-mail confirming that the transaction has occurred to the client and to the supplier (step 135).
  • the DSK are a data string that contains at least generically: the mobile telephone number, the hardware identifier of the mobile device, personal data of the user, the STI identifier, described in greater detail hereinafter, when available, the OSTC code, the GPS geographic location if available, the amount, and the WBC of the supplier.
  • FIG. 2 case C, illustrates a flowchart in the situation in which the user goes to a supplier, as in example A, but payment by credit/debit card occurs by sending to the BMS 5 an OSTC by virtue of a special terminal 15, termed STD (Secure Transaction Device).
  • STD Secure Transaction Device
  • the STD is connected by means of a dedicated network or fixed telephone network 14 or mobile telephone network 13 to the banking system, so that it can access the BMS 5.
  • the STD 15 is provided with an input/output interface, for example of the Bluetooth or IR (Infrared) type or of another type, capable of receiving and sending data 12 to the GDTS 16 or cellular telephone 2 of the user.
  • IR Infrared
  • the user after making his choices to purchase goods or services at the supplier, at payment time receives wirelessly the amount of the transaction and the identity of the supplier, then retrieves an OSTC with the amount due from the menu of the GDTS and sends it to the STD.
  • the STD (step 108) in turn sends them to the BMS 5 (109) over the network 13, over the cable 14, or via satellite.
  • the BMS 5 proceeds with the checks mentioned in example B (steps 110 and 111). If the transaction is successful, the STD provides the operator with a confirmation ticket that contains all the details of the transaction performed. As shown in Figure 3, the BMS 5 performs recognition of the user identifier (step 113).
  • the BMS 5 By querying the database 6, the BMS 5 is able to trace the account number with which that customer and that credit/debit card are associated, verifying the match between the security keys (DSK, Data Security Keys) or the string of data defined in the case D of Figure 2. In this manner, having also received the data related to the transaction in progress, particularly the amount thereof, the BMS 5 performs a check (step 115) to see whether the residual credit that is present on the account is sufficient to cover the total amount related to the transaction in progress.
  • the security keys DSL, Data Security Keys
  • the BMS 5 sends an SBCR message to the cellular telephone 2 of the user (step 116), asking to confirm the transaction. All the details of the transaction are listed in the message and the user is asked whether he accepts and validates these details.
  • the BMS 5 remains in standby, waiting for reception of the SBCR, for a specific time starting from when the user sends the transaction acceptance request message (step 116).
  • the BMS 5 assumes that the user has refused the terms of the transaction in progress and terminates it (step 118), possibly also canceling the corresponding OSTC.
  • the SBCR message is retransmitted via local wireless-STD fixed network to the mobile device of the customer, and his response is retransmitted to the BMS 5 with the same mechanism.
  • the BMS 5 deems the transaction to be valid and accepts it. In this case, the amount that corresponds to the transaction in the database is deducted from the residual credit of the bank account.
  • the BMS 5 since the operation occurred by using an OSTC, the BMS 5 selects an appropriately provided flag for canceling the OSTC on an appropriately provided registry of the database 6, so that if it subsequently receives an OSTC with the same identification number from said user, it will cancel any transaction in progress, since the OSTCs can be used only once. Finally, the BMS 5 sends the "successful" completed transaction data to the terminal 8 or to the STD 15 of the supplier and a confirmation message to the cellular telephone 2 of the user (step 122). In this manner, the supplier is informed that the goods or service has been paid by the user and delivers the goods or service, completing the transaction in progress (step 123).
  • step 115 the banking system, in addition to canceling the transaction, might perform payment on credit or activate a credit line in real time following agreements made with the customer.
  • SI Ms or other hardware that can be accommodated in the GDTS devices in order to provide new functions or applications that utilize GDTS/OSTC technology. These applications also use the already-known 3G/UMTS broadband communications technology, which allows to send extremely large data packets.
  • Example 1 purchase of shares or services of a SIM (securities brokerage company.
  • GDTS GDTS technology
  • the user by means of an OSTC, in fact proposes to his credit institution the transfer of funds from his current account to the account of a beneficiary SIM.
  • the BMS 5 after checking the appropriate DSK, on the basis of the banking details indicated by the user, by means of an SMS or MMS, requests authorization for transfer, waiting for the confirmation SBCR, in the manner described above.
  • the BMS 5 In the case of purchase of shares or services, the BMS 5, after receiving the OSTC proposing a fund transfer from the user and after checking the DSK, furthermore verifies the credentials of the SIM and sends a new SMS/MMS message to the organization that issues the shares or services, requesting the purchase opportunity. If the issuing organization is in favor of the transaction, it sends an SMS or an MMS to the BMS 5, which in turn routes the authorization request to the user. After receiving the SBCR from the user, the BMS 5 transfers funds in exchange for shares or services, confirming to the user that the transaction has occurred and its quality.
  • Example 2 verification of check cover. The check, prepared appropriately, has a WBC identification code. The beneficiary user sends it by means of a GDTS menu to the BMS 5.
  • Example 3 protection of distributed multimedia content, using a dedicated SIM card 1 termed MSC (Multimedia Smart Card).
  • MSC Multimedia Smart Card
  • the network manager can sell directly any kind of multimedia work or software in which the DSK of the requesting party have been encrypted prior to release.
  • the user can choose any type of multimedia content or software that is available, therefore a limitless number of works, purchasing and using it in a matter of moments, according to the method described in Example 1.
  • cellular telephones 2 termed EMMPs (Extended Multimedia Mobile Phone) and designed specifically, in addition to playing back the downloaded works, can communicate with other devices for playing back the downloaded material in a more enjoyable format, for example via WLAN, Bluetooth, IR, et cetera, to be played back by virtue of television sets, car stereos, home stereo systems, simply by placing the EMMP in the vicinity.
  • the EMMP may have memory and expansions, capable of playing back large compressed files.
  • An adequate dialog software allows mutual recognition of the devices and to execute the multimedia works.
  • the loaded multimedia content can be used exclusively by the MSC mobile unit that purchased it, is not negotiable, and cannot be sold or copied by third parties.
  • the MSC units will not run a code sold to other units.
  • the operator can provide virtual download areas on the cellular mobile telephone network, where purchases can also be stored as in a personal archive, as well as in the EMC itself, or in appropriate storage peripherals.
  • purchases can also be stored as in a personal archive, as well as in the EMC itself, or in appropriate storage peripherals.
  • conventional shops for selling CDs, CD-ROMs, software, videos or for video rental are provided with appropriate indoor or outdoor areas for purchasing the multimedia content by means of appropriate links of the WLAN, Bluetooth, IR types and the like.
  • the multimedia content can be sold permanently or be rented with encryption for use with an expiry date, for demonstrations, or for single use.
  • An exemplifying block diagram of an EMMP cellular telephone 400 is shown in Figure 4.
  • the cellular telephone 400 includes a user interface and operating protocols block 401 , which is connected to ports 402 of the type described above, to a SIM card reader 403, and/or to a keypad 404, and various optional types of memory, for example DRAM 405, Flash RAM 406, SRAM 407, an LCD 508.
  • a CODEC+DSP (Digital Signal Compressor) unit 410 for encoding/decoding the data, which can be connected to audio/video playback systems 411 and to a radiofrequency stage 412 provided with an antenna 413.
  • Example 4 protection of computer software.
  • SSSVM Secure Software Server Virtual Machine
  • the SSSVM is based on OSTC and MSC technology, and allows, over the cellular telephone network, to purchase and run software, communicating with the machines in its work area, which access it by means of a suitable navigation software such as Microsoft Internet Explorer, Netscape Navigator, Opera or generically a Java Virtual Machine or other virtual systems, via a WLAN, Bluetooth, IR, WiFi or other similar system, making the software virtually secure and copy-proof.
  • the seller of the software can update it or enhance it or sell only its usage time by accessing via the telephone network at any time.
  • a preferred embodiment of the SSSVM is shown in Figure 5, which shows an SSSVM
  • the computer furthermore includes a chipset 505 for a data communications protocol capable of receiving data over highspeed ports 507.
  • the SSSVM includes a user interface and operating protocol block 508, which is connected to the high-speed ports 507, to a SIM card reader 509, and/or to a keypad 510; various optional types of memory, for example DRAM 511 , Flash RAM 512, SRAM 513; and an LCD 514.
  • CODEC+DSP Digital Signal Compressor
  • the OMS On-line Multimedia System
  • the OMS obtains the DSK of the requesting party and sends the data to confirm payment to the BDS, which pays for the work with the method described above; this step is designated by the reference numeral 602 in the diagram of Figure 6.
  • the OMS system associates a polynomial code (SSC, Super Security Code) with the DSK personal data of the requesting party.
  • the OMS encrypts the SSC code in the multimedia work, step 604, in different manners and locations, and then the OMS routes the purchased work to the requesting party, step 605.
  • Example 5 telephone top-up for top-up SIM cards 1.
  • OSTC operating system
  • Example 6 highway toll payment.
  • HSC Highway Smart Card
  • IR infrared
  • Appropriately prepared digital meters connect via SMS or MMS or locally via Bluetooth or I R or over wires to the cellular telephone 2 to provide an "electronic" bill of usage, requesting its payment, according to the method described with reference to Example 1. These meters can optionally be topped up at will, so as to be able to use the utilities until credit is used up.
  • Example 8 television pay-per-view.
  • a dedicated SIM card 1 termed PPMC (Pay per View Mobile Card) is used. This system allows specific payments, eliminating the use of payment via decoder for pay-per-view television stations, with choice of shows and scheduling of chosen shows, according to the method described with reference to Example 1.
  • Example 9 pay per view on demand. One uses a SIM card 1 and an application as described with reference to Example 8.
  • the EMMP allows to provide a television system in which, by means of an OSTC, it is possible to purchase individual shows, regardless of program schedules or time of production.
  • Example 10 lotteries and betting.
  • GMC dedicated SIM card 1
  • Example 11 identity documents, personal identification documents, health book and/or health card.
  • a dedicated SIM card 1 termed IPDC (Identifier Private Dates Card), is used.
  • IPDC Identity Private Dates Card
  • the initially empty SIM 1 is recorded, and updated when necessary exclusively by the assigned organizations, for example the prefecture, municipality, police, health service, et cetera.
  • identification devices that may also be mobile, it is possible to query, verify and compare these data with the data that are present in worldwide security systems.
  • Example 12 top-up car insurance.
  • GDTS Global Positioning System
  • OSTC Mobile Communications
  • Example 13 electronic voting. Elections can be performed easily by sending to mobile telephones electronic certificates that are recognized by dedicated election SI Ms

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Finance (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A system for performing transactions, preferably of the monetary type or involving critical data, over a telephone network, preferably a mobile telephone network, including the steps of: receiving a transaction request from a user toward a supplier, including identification data; identifying, by way of the identification data, a corresponding mobile telephone number associated with the user; sending a transaction confirmation request message to the mobile telephone number; receiving and verifying a return message from the mobile telephone in response to the confirmation request message.

Description

METHOD AND SYSTEM FOR TRANSACTIONS OVER A CELLULAR MOBILE TELEPHONE NETWORK The present invention relates to a method and to a system or apparatus for transactions over a mobile or fixed telephone network. Technological development in recent years and the diffusion of low-cost data communications tools have changed radically the way of operating on the market both as regards the trade of tangible and intangible property and as regards banking-related or asset-management operations. Moreover, the worldwide diffusion of data communications networks and of telephone networks, together with the exponential growth of the number of users connected to these networks, has opened, and is still opening, new possibilities of application, creating new needs also from a commercial standpoint and revolutionizing the preliminary behaviors related to the normal purchase/sale and customer/supplier relationship. In this context, it is known that products or services are being increasingly paid by using tools that utilize the ubiquitous connections among data communications networks that currently exist and connect points of sale with operations centers capable of handling in real time the information related to a transaction. However, these instruments, which include in particular credit cards, debit cards and ATM cards, are affected by some evident problems that are mainly linked to the danger of fraud. On the one hand there is in fact the need to provide adequate security for the person making the payment, ensuring that the critical data of the chosen means of payment, for example the person's current account number or credit card number, cannot be used if stolen. On the other hand, there is the need to provide assurance to the trader or service provider that payment for the goods delivered or the service offered to the buyer has been made. The payment methods mentioned above are unable to offer these assurances fully, and therefore there is the strongly felt need, in the current art, to have a more advanced transaction management system that provides, together with practicality in use and security, assurance against the risks that the user runs by subscribing to a conventional means of payment. The aim of the present invention is therefore to provide a data communications method that overcomes the risks and burdens correlated to a conventional means of payment and can also be applied in different operating contexts requiring the exchange of information between a user and a service provider, therefore not only in the context of purely financial transactions. An object of the present invention is to provide a system that allows any kind of transaction by means of a credit/debit card, providing assurance to the cardholder against unauthorized uses of the card and to the goods or service provider as to the correctness of the transaction, in which the system uses a dialog between a party interested in purchasing given goods or a given service, his or her credit institution where he or she has deposited funds, and a party providing given goods or a given service. A further object of the invention is to create a method for protecting confidential information sent by means of mobile telephone systems. A further object is to protect the owner of exploitation rights on a given work, be it multimedia work or software, against unauthorized uses of the work. This aim and these and other objects that will become better apparent hereinafter are achieved by a method for performing transactions, preferably of a monetary type or involving critical data, over a mobile telephone network, comprising the steps of: receiving a request for transaction from a user toward a supplier, including identification data; identifying, by means of the received identification data, a corresponding mobile telephone number associated with the user; sending a message requesting confirmation of the transaction to the mobile telephone number; receiving and verifying a message returned from the mobile telephone in response to the confirmation request message. This aim and these objects are also achieved by a system for performing transactions, mainly of the monetary type or involving critical data, over a mobile telephone network, comprising a means for receiving a transaction request from a user toward a supplier, including identification data; a means for identifying, by means of the identification data, a corresponding mobile telephone number associated with the user; a means for sending a transaction confirmation request message to the mobile telephone number; a means for receiving and verifying a return message from the mobile telephone in response to the confirmation request message. Preferably, the message requesting confirmation of the transaction and/or the return message are messages of the SMS or MMS type. With more specific reference to the case of financial transactions, the identification data include data identifying an amount and data identifying a credit card, which can be of the conventional or single-use type. The single-use credit card number is received and stored on a mobile telephone by means of a function of a software component for the management of credit cards. The return message is generated by means of a shortcut function that can be retrieved by the software component, which can be implemented in a SIM card of the mobile telephone. Further characteristics and advantages will become better apparent from the description of preferred but not exclusive embodiments of the invention, illustrated by way of nonlimiting example in the accompanying drawings, wherein: Figure 1 is a diagram of a preferred embodiment of the present invention; Figure 2 is a flowchart of the initial steps of the method in the following cases: A. the transaction request is paid by means of a conventional credit/debit card; B. the transaction request is made over the Internet (case 1); C. the transaction request is made by virtue of an appropriately provided terminal of the supplier; D. the transaction request is made over the Internet (case 2); Figure 3 is a flowchart of the common steps of the method according to the present invention; Figure 4 is a block diagram of a preferred embodiment of the present invention, applied to the protection of distributed multimedia content, using a dedicated SIM card; Figure 5 is a block diagram of a preferred embodiment of the present invention, applied to the protection of computer software. Figure 6 is a block diagram showing an example of encryption for the protection of multimedia content. For the sake of simplicity and clarity in description, the general principles of the present invention are described hereafter with reference to cellular devices connected to a commercial cellular mobile telephone network. The person skilled in the art, however, will appreciate without effort that the same principles can be extended easily to the use of any other device capable of connecting to the network and capable of establishing and maintaining a bidirectional communication over a fixed or mobile network by means of any fixed, mobile cellular or satellite network. With reference now to Figure 1 , a customer or user owns a cellular telephone 2 of the GSM (Groupe Special Mobile) or UMTS (Universal Mobile Telecommunications System) type, or a satellite telephone or a telephone based on another technology, equipped with various slots suitable to receive one or more SIM (Subscriber Identity Module) cards 1 or another hardware device, also provided with a data input/output device, for example an infrared data communications port or a data communications port based on Bluetooth, W-LAN, WiFi or other wireless technology. In the mobile telephone 2 there is a dedicated software and/or hardware component for handling credit/debit cards, termed GDTS (Generic Device Transaction System), which implements functions aimed at handling credit/debit cards and functions that can be accessed by the user by means of a suitable menu. The dedicated GDTS software and/or hardware can be implemented on a conventional SIM card 1 or in the mobile telephone device 2 itself. As an alternative, the GDTS can also be a dedicated device, designated by the reference numeral 16 in Figure 1. In the continuation of the description, reference will be made therefore equally to a mobile telephone provided with GDTS software/hardware functions or to the dedicated GDTS device 16. The mobile telephone 2 is capable of sending and receiving data over a telephone network 4, preferably a mobile telephone network 4, by means of an antenna 3 located proximate to the user or via satellite, particularly in order to exchange data with an institution provided with a validation system 5. In particular, with reference to the exemplifying and nonlimiting case of monetary transactions, the institution is a banking institution or in any case another financial institution where the customer has at least one current account. A first function of the GDTS is to store or generate, in an appropriate password- protected memory area, single-use transaction numbers, termed herein OSTCs (One- Shot Transaction Certificate). The single-use data generation algorithm may be any, as is known from the prior art, provided that it ensures determinism and non-ambiguity of the result. The OSTCs can also be generated beforehand and assigned by the banking system or institution to the GDTS unit and destroyed, for security purposes, after their single use. When a user requests one or more OSTCs, the institution can thus provide a generation algorithm or directly the individual identification numbers of the OSTCs, sending them preferably in an encrypted manner to the mobile telephone 2 of the user. The institution associates the SIM cards 1 of registered customers with a universal unique bank code, termed herein WBC (World Bank Code). The WBC acts as a unique key to link the mobile telephone 2 of the user to his banking system in an assured and unambiguous manner. A mainframe, termed BMS (Bank Mainframe System) 5, and an archive or database (DB) 6, which stores the banking details of the customers with the data related to the accounts, including the remaining credit available on each account, is housed or accessible at the banking system or institution. The BMS 5, or a local and remote archive that can be accessed by it, also stores customer details, which also include the mobile telephone numbers of the SIM cards 1 in association with the WBC and with the current account details of the user. There is also, in the form of a software component, the algorithm that allows to generate and verify the OSTCs or the list of preassigned OSTCs. It is possible to check at all times, if necessary, the validity and authenticity of the numbers stored in the SIM cards 1 of one's customers. The part of the diagram related to the supplier of the goods or services is represented by a terminal 8 and by a display 9 on which it is possible to view the amount of the transaction in progress. The term "supplier" designates any organization providing a service requiring a monetary transaction or even just a generic data transaction from a user who requests the service, where the transaction requires verification and validation on the part of the validation system 5. The terminal 8 can be a conventional POS (Point Of Sale), a terminal for reading conventional credit/debit cards, or another data processing device in which the information related to a transaction can be entered and stored. Preferably, the POS is connected to a public or private fixed or cellular or satellite communications network or channel 7, by means of which the data related to the transaction are sent to the private network of the banking institution so that they reach the BMS 5. The data related to the articles or services to which the user transaction relates, and the associated prices, are obtained from data entry devices, such as for example keyboards, bar code readers, scanners, RFIDs, or the like. The communications side 10 related to the supplier is not discussed in further detail, because those are technologies well known in the art. With reference to the flowcharts shown in Figures 2 and 3, the operation of the system according to the present invention is as follows. In a first step, the user purchases goods or services from a supplier. This can occur in the conventional manner, in which the user physically goes to the supplier and directly chooses the goods or services, as shown in cases A and C of Figure 2, or by using Internet technology, in cases B and D. The selected products are passed by the supplier to the terminal 8 by means of an input system, such as for example a bar code or RFID reader or the like, until the amount of the transaction is calculated and then presented on the display 9 and shown to the user (steps 100 and 103). Figure 2, case A, shows a flowchart in the situation in which the user pays by using a conventional credit/debit card on a plastic medium. In this situation, the terminal 8 of the supplier is equipped with an appropriately provided device for reading and acquiring the number of the credit/debit card by means of the classic "swiping" of the credit/debit card (step 101). The credit/debit card number is then sent to the BMS 5 together with the data related to the transaction in progress (such as for example the detailed list of the individual products or services purchased by the user, the individual amounts, the total amount of the transaction, the date and time when the transaction occurred), and other data related to the supplier (such as for example company name, city and address), as shown in the block 102 in Figure 2. Figure 2, case B, illustrates a flowchart related to a situation in which the user purchases goods or services from an Internet site of a supplier. After filling the "virtual" shopping cart with the selected products, the total amount to be paid is displayed on the terminal of the user (step 103). At this point, the user selects on his mobile device with GDTS technology 2 an appropriately provided function, which can be accessed by entering a user identification code and a password, which is present in the GDTS in order to retrieve a one-shot transaction code OSTC (step 104) previously purchased from his bank and stored in an appropriately provided protected memory space provided on the SIM 1 or in the hardware of the GDTS. Once retrieved from the GDTS, the OSTC code number is set over the Internet to the server of the supplier, indicating the amount of the transaction. The supplier routes this number to the BMS 5 (step 105), performs a check and then performs the transaction; the security details regarding the transaction are shown in greater detail with reference to case D below. Figure 2, case D, illustrates a flowchart in the situation in which the user purchases goods or services from an Internet site of a supplier or in the case of a conventional purchase in the real world or by telephone. After filling the "virtual" shopping cart with the selected products, or for conventional purchases, the total amount to be paid is shown on the terminal of the supplier (step 130). At this point, the user selects, on his mobile device with GDTS technology 2, an appropriately provided function, which can be accessed by entering a user identification code and a password, which is present in the GDTS in order to retrieve a one-shot transaction code number OSTC (step 130). Once the OSTC number has been retrieved from the GDTS, it is filled in with the details of the payment (amount, beneficiary of the payment, WBC of the beneficiary) (step 131), and sent (step 132) over the mobile telephone network 4. The BMS 5 (step 133) verifies key data, termed DSK (Data Security Keys), of the transaction. The BMS 5 queries the DB 6, identifying the cellular telephone number that corresponds to the OSTC, and assesses the credit available. If the available credit is sufficient, it sends an SMS/MMS of the SBCR (SMS Bank Confirmation Reply) type to the user, requesting confirmation of the transaction (step 116). The BMS 5 remains in standby (step 117), waiting for reception of the SBCR, for a specific time starting from when the user sends the transaction acceptance request message. If the SBCR is not received before this period of time elapses, the BMS 5 assumes that the user has refused (step 118) the terms of the transaction in progress and terminates it (step 136), possibly also canceling the corresponding OSTC. If the SBCR is accepted, the BMS 5 verifies that all the DSK (Data Security Keys) match. If the DSK are accepted on the basis of the data in the DB 6, the BMS 5 generates a credit for the amount of the transaction on the WBC account of the supplier, sending a confirmation SMS/MMS and/or an e-mail confirming that the transaction has occurred to the client and to the supplier (step 135). In a preferred embodiment, the DSK are a data string that contains at least generically: the mobile telephone number, the hardware identifier of the mobile device, personal data of the user, the STI identifier, described in greater detail hereinafter, when available, the OSTC code, the GPS geographic location if available, the amount, and the WBC of the supplier. Figure 2, case C, illustrates a flowchart in the situation in which the user goes to a supplier, as in example A, but payment by credit/debit card occurs by sending to the BMS 5 an OSTC by virtue of a special terminal 15, termed STD (Secure Transaction Device). The STD is connected by means of a dedicated network or fixed telephone network 14 or mobile telephone network 13 to the banking system, so that it can access the BMS 5. The STD 15 is provided with an input/output interface, for example of the Bluetooth or IR (Infrared) type or of another type, capable of receiving and sending data 12 to the GDTS 16 or cellular telephone 2 of the user. In this case, the user, after making his choices to purchase goods or services at the supplier, at payment time receives wirelessly the amount of the transaction and the identity of the supplier, then retrieves an OSTC with the amount due from the menu of the GDTS and sends it to the STD. The STD (step 108) in turn sends them to the BMS 5 (109) over the network 13, over the cable 14, or via satellite. Once the BMS 5 has received these data as described above, it proceeds with the checks mentioned in example B (steps 110 and 111). If the transaction is successful, the STD provides the operator with a confirmation ticket that contains all the details of the transaction performed. As shown in Figure 3, the BMS 5 performs recognition of the user identifier (step 113). This recognition occurs by virtue of the customer records, starting from the OSTC payment code, which must coincide with the telephone number of the GDTS and the hardware identifier of the GDTS unit. By querying the database 6, the BMS 5 is able to trace the account number with which that customer and that credit/debit card are associated, verifying the match between the security keys (DSK, Data Security Keys) or the string of data defined in the case D of Figure 2. In this manner, having also received the data related to the transaction in progress, particularly the amount thereof, the BMS 5 performs a check (step 115) to see whether the residual credit that is present on the account is sufficient to cover the total amount related to the transaction in progress. If this verification is successful, the BMS 5 sends an SBCR message to the cellular telephone 2 of the user (step 116), asking to confirm the transaction. All the details of the transaction are listed in the message and the user is asked whether he accepts and validates these details. The BMS 5 remains in standby, waiting for reception of the SBCR, for a specific time starting from when the user sends the transaction acceptance request message (step
120). If the SBCR has not been received when the time period expires, the BMS 5 assumes that the user has refused the terms of the transaction in progress and terminates it (step 118), possibly also canceling the corresponding OSTC. In the case C of Figure 2, if the transaction occurs via STD, the SBCR message is retransmitted via local wireless-STD fixed network to the mobile device of the customer, and his response is retransmitted to the BMS 5 with the same mechanism. If the SBCR is accepted, the BMS 5 deems the transaction to be valid and accepts it. In this case, the amount that corresponds to the transaction in the database is deducted from the residual credit of the bank account. Moreover, since the operation occurred by using an OSTC, the BMS 5 selects an appropriately provided flag for canceling the OSTC on an appropriately provided registry of the database 6, so that if it subsequently receives an OSTC with the same identification number from said user, it will cancel any transaction in progress, since the OSTCs can be used only once. Finally, the BMS 5 sends the "successful" completed transaction data to the terminal 8 or to the STD 15 of the supplier and a confirmation message to the cellular telephone 2 of the user (step 122). In this manner, the supplier is informed that the goods or service has been paid by the user and delivers the goods or service, completing the transaction in progress (step 123). If the case of step 115 is not verified, the banking system, in addition to canceling the transaction, might perform payment on credit or activate a credit line in real time following agreements made with the customer. Other possible examples and methods of use of the integrated technology for transaction over the mobile telephone network according to the inventive concept on which the present invention is based are presented hereinafter. As shown by the examples, it is possible to use SI Ms or other hardware that can be accommodated in the GDTS devices in order to provide new functions or applications that utilize GDTS/OSTC technology. These applications also use the already-known 3G/UMTS broadband communications technology, which allows to send extremely large data packets. Example 1 : purchase of shares or services of a SIM (securities brokerage company. By virtue of the GDTS technology, it is no longer necessary to go to banks and agencies of a given SIM or counters dispensing services, or to connect to the Internet. The user, by means of an OSTC, in fact proposes to his credit institution the transfer of funds from his current account to the account of a beneficiary SIM. The BMS 5, after checking the appropriate DSK, on the basis of the banking details indicated by the user, by means of an SMS or MMS, requests authorization for transfer, waiting for the confirmation SBCR, in the manner described above. In the case of purchase of shares or services, the BMS 5, after receiving the OSTC proposing a fund transfer from the user and after checking the DSK, furthermore verifies the credentials of the SIM and sends a new SMS/MMS message to the organization that issues the shares or services, requesting the purchase opportunity. If the issuing organization is in favor of the transaction, it sends an SMS or an MMS to the BMS 5, which in turn routes the authorization request to the user. After receiving the SBCR from the user, the BMS 5 transfers funds in exchange for shares or services, confirming to the user that the transaction has occurred and its quality. Example 2: verification of check cover. The check, prepared appropriately, has a WBC identification code. The beneficiary user sends it by means of a GDTS menu to the BMS 5. The BMS 5, after verifying the appropriate DSK, confirms financial cover. Example 3: protection of distributed multimedia content, using a dedicated SIM card 1 termed MSC (Multimedia Smart Card). By virtue of the SIM 1 , or by virtue of another hardware device, the network manager can sell directly any kind of multimedia work or software in which the DSK of the requesting party have been encrypted prior to release. By means of an appropriately provided menu that can be retrieved from the display of one's mobile telephone 2, the user can choose any type of multimedia content or software that is available, therefore a limitless number of works, purchasing and using it in a matter of moments, according to the method described in Example 1. In this manner, cellular telephones 2 termed EMMPs (Extended Multimedia Mobile Phone) and designed specifically, in addition to playing back the downloaded works, can communicate with other devices for playing back the downloaded material in a more enjoyable format, for example via WLAN, Bluetooth, IR, et cetera, to be played back by virtue of television sets, car stereos, home stereo systems, simply by placing the EMMP in the vicinity. The EMMP may have memory and expansions, capable of playing back large compressed files. An adequate dialog software allows mutual recognition of the devices and to execute the multimedia works. In this manner, the loaded multimedia content can be used exclusively by the MSC mobile unit that purchased it, is not negotiable, and cannot be sold or copied by third parties. The MSC units will not run a code sold to other units. The operator can provide virtual download areas on the cellular mobile telephone network, where purchases can also be stored as in a personal archive, as well as in the EMC itself, or in appropriate storage peripherals. For narrowband cellular telephone systems or for areas not covered by cellular telephone networks, conventional shops for selling CDs, CD-ROMs, software, videos or for video rental are provided with appropriate indoor or outdoor areas for purchasing the multimedia content by means of appropriate links of the WLAN, Bluetooth, IR types and the like. The multimedia content can be sold permanently or be rented with encryption for use with an expiry date, for demonstrations, or for single use. An exemplifying block diagram of an EMMP cellular telephone 400 is shown in Figure 4. The cellular telephone 400 includes a user interface and operating protocols block 401 , which is connected to ports 402 of the type described above, to a SIM card reader 403, and/or to a keypad 404, and various optional types of memory, for example DRAM 405, Flash RAM 406, SRAM 407, an LCD 508. There is also a CODEC+DSP (Digital Signal Compressor) unit 410 for encoding/decoding the data, which can be connected to audio/video playback systems 411 and to a radiofrequency stage 412 provided with an antenna 413. Example 4: protection of computer software. An appropriate device, termed SSSVM
(Secure Software Server Virtual Machine), similar in practice to a non-mobile EMC, is provided with an enhanced computer and with mass storage 402 and supplied by the electric mains. The SSSVM is based on OSTC and MSC technology, and allows, over the cellular telephone network, to purchase and run software, communicating with the machines in its work area, which access it by means of a suitable navigation software such as Microsoft Internet Explorer, Netscape Navigator, Opera or generically a Java Virtual Machine or other virtual systems, via a WLAN, Bluetooth, IR, WiFi or other similar system, making the software virtually secure and copy-proof. The seller of the software can update it or enhance it or sell only its usage time by accessing via the telephone network at any time. A preferred embodiment of the SSSVM is shown in Figure 5, which shows an SSSVM
500 provided with a computer equipped with a microprocessor and with a user interface
501 that is connected to a volatile memory 502, mass storage 503, high-speed ports 504 of the type mentioned above, which in turn are connected to a radiofrequency communications stage 505 with an antenna. The computer furthermore includes a chipset 505 for a data communications protocol capable of receiving data over highspeed ports 507. As in the preceding example, the SSSVM includes a user interface and operating protocol block 508, which is connected to the high-speed ports 507, to a SIM card reader 509, and/or to a keypad 510; various optional types of memory, for example DRAM 511 , Flash RAM 512, SRAM 513; and an LCD 514. There is also a CODEC+DSP (Digital Signal Compressor) unit 515 for data encoding/decoding, which is connected to a radiofrequency stage 516 provided with an antenna 517. Figure 6 is a schematic view of an example of encryption that is particularly useful in the protection of multimedia content. The protection procedure provides for a step, designated by the reference numeral
601 in Figure 6, in which a user requests a multimedia work by means of an EMMP or SSSVM, by virtue of an appropriate menu. Then the OMS (On-line Multimedia System) obtains the DSK of the requesting party and sends the data to confirm payment to the BDS, which pays for the work with the method described above; this step is designated by the reference numeral 602 in the diagram of Figure 6. In the subsequent step 603, the OMS system associates a polynomial code (SSC, Super Security Code) with the DSK personal data of the requesting party. The OMS encrypts the SSC code in the multimedia work, step 604, in different manners and locations, and then the OMS routes the purchased work to the requesting party, step 605. Example 5: telephone top-up for top-up SIM cards 1. By means of an OSTC, it is possible to instantly top-up one's own telephone credit remotely, according to the method presented with reference to Example 1. Example 6: highway toll payment. One uses a dedicated SIM card 1 , termed HSC (Highway Smart Card), for highway services, capable of communicating via Bluetooth or IR (infrared) with the toll station, after activating this service and setting up a credit that is immediately available, thus reducing charge times with respect to what is indicated in the method presented in Example 1. Example 7: instant billing for home or business utilities (electric power, water, gas, telephone). A dedicated SIM card 1 , termed CDSC (City Duties Smart Card), is used. Appropriately prepared digital meters connect via SMS or MMS or locally via Bluetooth or I R or over wires to the cellular telephone 2 to provide an "electronic" bill of usage, requesting its payment, according to the method described with reference to Example 1. These meters can optionally be topped up at will, so as to be able to use the utilities until credit is used up. Example 8: television pay-per-view. A dedicated SIM card 1 , termed PPMC (Pay per View Mobile Card) is used. This system allows specific payments, eliminating the use of payment via decoder for pay-per-view television stations, with choice of shows and scheduling of chosen shows, according to the method described with reference to Example 1. Example 9: pay per view on demand. One uses a SIM card 1 and an application as described with reference to Example 8. In this case, moreover, the EMMP allows to provide a television system in which, by means of an OSTC, it is possible to purchase individual shows, regardless of program schedules or time of production. Example 10: lotteries and betting. One uses a dedicated SIM card 1 termed GMC
(Gambling Mobile Card). The user can assign amounts of money to betting or lottery operators, according to the method presented with reference to Example 1. The user can thus purchase one or more tickets of the current competitions or bet on specific events proposed by the operator, which can be retrieved and selected from specific menus. Example 11 : identity documents, personal identification documents, health book and/or health card. A dedicated SIM card 1 , termed IPDC (Identifier Private Dates Card), is used. The initially empty SIM 1 is recorded, and updated when necessary exclusively by the assigned organizations, for example the prefecture, municipality, police, health service, et cetera. Subsequently, and substantially instantaneously, by using identification devices that may also be mobile, it is possible to query, verify and compare these data with the data that are present in worldwide security systems. Example 12: top-up car insurance. By means of a GDTS provided with GPS (Global Positioning System) fixed on a vehicle and the OSTC technology, it is possible to create an insurance "top-up", paying only for the trips actually made. This same principle also allows to detect speed limit violations, which can also be analyzed at a later time by the competent government authorities. Example 13: electronic voting. Elections can be performed easily by sending to mobile telephones electronic certificates that are recognized by dedicated election SI Ms
1. In this case, the OSTCs can recognize uniquely the individual voter, without the possibility of double voting, making democratic systems far more ubiquitous with extremely low costs. It has thus been found that the invention achieves the intended aim and objects. The method and system according to the invention are susceptible of numerous modifications and variations, within the scope of the appended claims. All the details may be replaced with technically equivalent elements. The materials used, as well as the dimensions, may of course be any according to the requirements and to the state of the art. Clearly, numerous modifications are evident and can be performed promptly by the person skilled in the art without abandoning the protective scope of the present invention. Accordingly, the protective scope of the claims must not be limited by the illustrations or by the preferred embodiments presented in the description as examples, but rather the claims must include all the characteristics of patentable novelty that reside within the present invention, including all the characteristics that would be treated as equivalent by the person skilled in the art.

Claims

CLAIMS 1. A method for performing transactions, preferably of a monetary type or involving critical data, over a mobile telephone network, comprising the steps of: receiving a request for transaction from a user toward a supplier, comprising identification data; identifying, by means of said identification data, a corresponding mobile telephone number associated with said user; sending a message requesting confirmation of said transaction to said mobile telephone number; receiving and verifying a message returned from said mobile telephone in response to said confirmation request message.
2. The method according to claim 1 , characterized in that said message requesting confirmation of said transaction is a message of the SMS or MMS type.
3. The method according to claim 1 or 2, characterized in that said return message is a message of the SMS or MMS type.
4. The method according to any one of the preceding claims, characterized in that said identification data comprise identification data of an amount and identification data of a credit card.
5. The method according to claim 4, characterized in that said credit card is a conventional credit card.
6. The method according to claim 5, characterized in that said credit card is a single- use credit card number.
7. The method according to claim 6, characterized in that said single-use credit card number is received and stored on a cellular telephone by means of a function of a software component for managing credit cards.
8. The method according to claim 7, characterized in that said return message is generated by means of a shortcut function that can be retrieved by said software component.
9. The method according to claim 8, characterized in that said software component for managing credit cards is implemented in a SIM card of the cellular telephone.
10. The method according to claim 9, further comprising the step of checking that the residual credit associated with said credit card is greater than, or equal to, said amount.
11. The method according to any one of the preceding claims, characterized in that said transactions relate to the purchase of multimedia works or software, or to the protection of software programs.
12. A system for making transactions, mainly of a monetary type or involving critical data, over a mobile telephone network, comprising: a means for receiving a request for transaction from a user toward a supplier, comprising identification data; a means for identifying, by means of said identification data, a corresponding cellular telephone number associated with said user; a means for sending a message requesting confirmation of said transaction to said cellular telephone number; a means for receiving and verifying a return message from said cellular telephone in response to said confirmation request message.
13. The system according to claim 12, characterized in that said message requesting confirmation of said transaction is a message of the SMS or MMS type.
14. The system according to claim 12 or 13, characterized in that said return message is a message of the SMS or MMS type.
15. The system according to any one of claims 1 1 to 14, characterized in that said identification data comprise identification data of an amount and identification data of a credit card.
16. The system according to claim 15, characterized in that said credit card is a conventional credit card.
17. The system according to claim 16, characterized in that said credit card is a single-use credit card number.
18. The system according to claim 17, characterized in that said single-use credit- card number is received and stored on a cellular telephone by means of a function of a software component for credit card management.
19. The system according to claim 18, further comprising a means for checking that the residual credit associated with said credit card is higher than, or equal to, said amount.
20. The system according to one or more of the preceding claims, characterized in that the cellular telephone comprises a user interface and operating protocol block, which is connected to ports, to a SIM card reader and/or to a keypad; various optional types of memory, for example DRAM, Flash RAM, SRAM; and an LCD; there is also a CODEC+DSP (Digital Signal Compressor) unit for data encoding/decoding, which can be connected to audio/video playback systems and to a radiofrequency stage provided with an antenna.
21. The system according to one or more of the preceding claims, characterized in that it comprises an SSSVM provided with a computer equipped with a microprocessor and a user interface connected to a volatile memory, mass storage, high-speed ports of the type cited above, which are in turn connected to a radiofrequency communications stage with an antenna; the computer further comprises a chipset for a data processing protocol that is capable of receiving data over high-speed ports; the SSSVM furthermore comprises a user interface and operating protocol block, which is connected to the highspeed ports, to a SIM card reader and/or to a keypad; various optional types of memory, for example DRAM, Flash RAM, SRAM; and an LCD; there is also a CODEC+DSP (Digital Signal Compressor) unit for data encoding/decoding, which is connected to a radiofrequency stage provided with an antenna.
22. The system according to one or more of the preceding claims, characterized in that it comprises a protection or encryption procedure, which comprises the following steps: the user requests a multimedia work by means of an EMMP or SSSVM, by way of a suitable menu; the OMS (On-line Multimedia System) obtains the DSK of the requesting party and sends the data to confirm the payment to the BDS, which pays for the work; the OMS system associates a polynomial code (SSC, Super Security Code) with the DSK personal data of the requesting party; the OMS encrypts the SSC code in the multimedia work in different manners and locations; the OMS routes the purchased work to the requesting party.
PCT/EP2004/008677 2003-09-08 2004-08-03 Method and system for transactions over a cellular mobile telephone network WO2005024677A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITMI2003A001718 2003-09-08
IT001718A ITMI20031718A1 (en) 2003-09-08 2003-09-08 METHOD AND SYSTEM FOR TRANSACTIONS THROUGH A NETWORK OF

Publications (1)

Publication Number Publication Date
WO2005024677A1 true WO2005024677A1 (en) 2005-03-17

Family

ID=34260014

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2004/008677 WO2005024677A1 (en) 2003-09-08 2004-08-03 Method and system for transactions over a cellular mobile telephone network

Country Status (2)

Country Link
IT (1) ITMI20031718A1 (en)
WO (1) WO2005024677A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006108831A1 (en) 2005-04-14 2006-10-19 Vodafone Holding Gmbh Method for confirming a service request
EP1979865A2 (en) * 2006-02-02 2008-10-15 Lucent Technologies Inc. Authentication and verification services for third party vendors using mobile devices
WO2009065417A1 (en) * 2007-11-19 2009-05-28 Net Signature For Advanced Solutions (I.N.K.) M. currency- net sense
US7748617B2 (en) * 2004-04-12 2010-07-06 Gray R O'neal Electronic identification system
US7757945B2 (en) 2004-04-12 2010-07-20 Gray R O'neal Method for electronic payment
US7931196B2 (en) 2004-04-12 2011-04-26 Nosselly Facility Ag, Llc System and method for facilitating the purchase of goods and services
ITPI20110071A1 (en) * 2011-06-22 2012-12-23 Michele Piccini "A TRANSACTION AUTHORIZATION SYSTEM"

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE10039569C1 (en) * 2000-08-09 2001-12-06 Mannesmann Ag Mobile telephone payment method for goods or services has central transaction number delivery point used to make payment after verification of charge data via customer
EP1178444A1 (en) * 2000-08-01 2002-02-06 mega-tel AG Electronic payment using SMS
WO2002011086A2 (en) * 2000-07-31 2002-02-07 Orga Kartensysteme Gmbh Transaction confirmation

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002011086A2 (en) * 2000-07-31 2002-02-07 Orga Kartensysteme Gmbh Transaction confirmation
EP1178444A1 (en) * 2000-08-01 2002-02-06 mega-tel AG Electronic payment using SMS
DE10039569C1 (en) * 2000-08-09 2001-12-06 Mannesmann Ag Mobile telephone payment method for goods or services has central transaction number delivery point used to make payment after verification of charge data via customer

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7748617B2 (en) * 2004-04-12 2010-07-06 Gray R O'neal Electronic identification system
US7757945B2 (en) 2004-04-12 2010-07-20 Gray R O'neal Method for electronic payment
US7931196B2 (en) 2004-04-12 2011-04-26 Nosselly Facility Ag, Llc System and method for facilitating the purchase of goods and services
WO2006108831A1 (en) 2005-04-14 2006-10-19 Vodafone Holding Gmbh Method for confirming a service request
EP1979865A2 (en) * 2006-02-02 2008-10-15 Lucent Technologies Inc. Authentication and verification services for third party vendors using mobile devices
US9256869B2 (en) 2006-02-02 2016-02-09 Alcatel Lucent Authentication and verification services for third party vendors using mobile devices
US11087317B2 (en) 2006-02-02 2021-08-10 Alcatel Lucent Authentication and verification services for third party vendors using mobile devices
WO2009065417A1 (en) * 2007-11-19 2009-05-28 Net Signature For Advanced Solutions (I.N.K.) M. currency- net sense
ITPI20110071A1 (en) * 2011-06-22 2012-12-23 Michele Piccini "A TRANSACTION AUTHORIZATION SYSTEM"

Also Published As

Publication number Publication date
ITMI20031718A1 (en) 2005-03-09

Similar Documents

Publication Publication Date Title
US7275685B2 (en) Method for electronic payment
KR101413773B1 (en) Fraud-free payment for internet purchase
KR100792147B1 (en) Interactive Financial settlement service method using mobile phone number or virtual number
US7533065B2 (en) Advanced method and arrangement for performing electronic payment transactions
EP1150263A2 (en) Telecommunication total security system of financial transaction
US20080217400A1 (en) System for preventing fraudulent purchases and identity theft
WO2002039342A1 (en) Private electronic value bank system
JPH08147500A (en) System and method for selling and, refunding electronic ticket
JP2000306003A (en) System and method for making active use of electronic value, server device and recording medium
JP2004527861A (en) Method for conducting secure cashless payment transactions and cashless payment system
JP2003527703A (en) Optical payment transmitting / receiving device and optical payment system using the same
JP2007521556A (en) Method of authorizing payment order by credit card and related devices
CN1726686B (en) Providing convenience and authentication for trade
KR20070121618A (en) Payment agency server
AU775065B2 (en) Payment method and system for online commerce
WO2002021767A1 (en) Virtual payment card
JP2005519402A (en) Payment card and method
US20040039709A1 (en) Method of payment
WO2005024677A1 (en) Method and system for transactions over a cellular mobile telephone network
EP1242983B1 (en) A system for recharging a prepaid value in respect of a telephone connection
JP4071445B2 (en) Transaction mediation system, transaction mediation apparatus and program
JP2003521077A (en) Method in commerce
JP2002083348A (en) Commodity buying system, device, method, and storage medium
KR20060124375A (en) Transaction system and method of authenticating users using thereof
KR20040055843A (en) System and Method for Payment by Using Authorized Authentication Information

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase