EP2438560A1 - A method for secure transactions - Google Patents
A method for secure transactionsInfo
- Publication number
- EP2438560A1 EP2438560A1 EP10783667A EP10783667A EP2438560A1 EP 2438560 A1 EP2438560 A1 EP 2438560A1 EP 10783667 A EP10783667 A EP 10783667A EP 10783667 A EP10783667 A EP 10783667A EP 2438560 A1 EP2438560 A1 EP 2438560A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- transaction
- predefined
- identity
- server
- unique
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
Definitions
- the present invention relates generally to transactions, and particularly to secure transactions utilizing a portable radio communication device, such as a mobile phone, personal digital assistant, portable computer or similar.
- a portable radio communication device such as a mobile phone, personal digital assistant, portable computer or similar.
- An object of the present invention is thus to provide secure transactions for portable radio communication devices.
- a secure transaction is achieved.
- the transaction identity is kept unique only during a specific transaction, whereby the necessary amount of transaction identities can be kept very low at the predefined transaction server, being limiting only for handling parallel transactions at the predefined transaction server.
- the unique transaction identity is preferably created by the predefined transaction server upon request from the first transaction part, which provides for an assured solution for the first transaction part.
- the transaction identity is created by the second transaction part, which facilitates the transaction for the first transaction part.
- a predefined transaction identity is preferably used for e.g. Internet bank login.
- the verification is preferably performed by entering a personal identification number (PIN) in the portable radio communication device, which PIN is selected during installation of user transaction software.
- PIN personal identification number
- Fig. 1 schematically shows communication between transaction parts according to an embodiment of the present invention.
- Fig. 2 schematically shows communication between a plurality of transaction parts according to an embodiment of the present invention.
- Fig. 3 schematically shows the steps of a method for secure transactions according to an embodiment of the present invention.
- the first step is to install 1 a user transaction software in a portable communication device 10 of a first transaction part in a secure way, wherein a user is identified in a secure way and tied to the installation.
- One secure way is to, at e.g. a bank office or other known part, install the user transaction software in the portable radio communication device of the first transaction part or give a memory card or similar device having an installation program for the first transaction part thereon.
- the identity of the owner of the portable radio communication device is checked in connection with the installation or delivery of the user transaction software transaction program. Instead of checking the identity directly at a bank office or other known part e.g. a registered letter sent to the intended user can be used to verify the identity of the intended user.
- the user transaction software is connected to an account at the bank or other part, such as a credit card account, a user account, an electronic wallet, etc.
- Another secure way to install the user transaction software is to, at e.g. an authenticated Internet bank office or similar part, through a secure connection, e.g. a https connection, install the user transaction software in the portable radio communication device of the first transaction part.
- the identity of the owner of the portable radio communication device is checked in connection with the installation through e.g. PIN.
- the user transaction software is connected to an account at the bank or other part, such as a credit card account, a user account, an electronic wallet, etc .
- the user transaction software is arranged to communicate with a predefined transaction server 12, of a plurality of transaction servers, when secure transactions are performed.
- Information of which account a user transaction software is connected to can be predefined directly at the predefined transaction server or be accessed by the predefined transaction server from the first transaction part whenever a transaction is to take place. Account balance and similar checks are preferably performed prior to any finalization of a transaction.
- a mobile phone number is preferably given to the distribution site, which in response thereto sends a text message, such as an
- SMS with a download URL to that mobile phone number, i.e. a so called over the air installation (OTA installation) .
- OTA installation over the air installation
- the user transaction software is installed in the mobile phone.
- an activation code given by the distribution site, is entered.
- a PIN is also required to be entered to run the application.
- the transaction comprises the following steps.
- the user of the portable radio communication device i.e. the first transaction part, selects a "transaction" section of the user transaction software to connect the first transaction part to the predefined transaction server.
- the first transaction part 10 activates itself, through an encoded/encrypted wireless communication, on the predefined transaction server 12, which predefined transaction server 12 thereby puts the first transaction part 10 in an active transaction state on the predefined transaction server 12.
- the first transaction part 10 preferably stays in the active transaction state on the predefined transaction server 12 until the first transaction part 10 requests a non-active transaction state.
- the first transaction part 10 will be put into a non-active transaction state by the predefined transaction server 12 after a time-out.
- the predefined transaction server 12 could also put the first transaction part 10 in a non-active state after finalization of a transaction.
- the first transaction part thereafter initiates the transaction by requesting 2, through an encoded/encrypted wireless communication, a transaction identity of the predefined transaction server.
- the wireless communication can e.g. be performed through GPRS, 3G data, Wi-Fi or WiMAC, all of which could have some kind of built-in identity verification, and even infrared or Bluetooth, which however are anonymous and could require some added identity verification.
- the predefined transaction server responds by sending 14 a transaction identity to the first transaction part, which transaction identity is unique during the whole transaction but is preferably reusable after finalization of the transaction, advantageously directly after finalization of the transaction, i.e. when the transaction receipt has been sent.
- the predefined transaction server 12 then announces the transaction identifier to an intermediate transaction router 17.
- This announcement may optionally comprise a link to the predefined transaction server, apart from the transaction identity relating to a transaction associated with the first transaction part.
- the transaction identity in this case relates to a transaction which the first transaction part is in the process of engaging in.
- the predefined transaction server 12 creates a transaction identifier it could request the intermediate transaction router 17 to create a transaction identifier, witch thereafter is sent to the first transaction part.
- An advantage of having the intermediate transaction router to create the transaction identifier is that two different transaction servers do not risk of creating the same transaction identifier, which could be mixed up at the intermediate transaction router.
- the transaction servers creates the transaction identifiers they are preferably restricted to a defined interval, whereby the intermediate transaction router can make sure that two different transaction servers do not create the same transaction identity.
- the first transaction part enters 3 the returned transaction identity at the merchant secure Internet site 11, i.e. the second transaction part 11.
- the second transaction part 11 connects to a known transaction partner 16, such as a POS terminal, of a plurality of possible transaction partners, to activate itself on the predefined transaction server 12.
- a known transaction partner 16 such as a POS terminal
- the second transaction part does not know how to directly communicate with the predefined transaction server, but only the intermediate transaction router 17. Therefore a device 16 of the second transaction part connects to the intermediate transaction router 17. It therefore sends a verification request to the intermediate transaction router 17 concerning the received transaction identifier for verifying the first transaction part.
- the request is here a request intended for the unknown predefined transaction server 12.
- This verification request is then received by the intermediate transaction router 17, which goes on and identifies the predefined transaction server 12 based on the transaction identity indicated in the verification request. It then routes this request to predefined transaction server 12. In fact, from this point forward it routes all communication regarding the transaction involving the transaction identity between the predefined transaction server 12 and the second transaction part, for allowing the second transaction part to communicate with the predefined transaction server for verification of the use of the transaction identity.
- the predefined transaction server 12 receives the verification request from the intermediate transaction router 17. It also receives information of the transaction connected to the transaction identity, preferably encrypted.
- the intermediate transaction router 17 is utilized to connect the predefined transaction server 12 and the known transaction partner 16, such that the second transaction part 11 can activate itself thereon.
- the second transaction part 11 activates itself on the predefined transaction server 12, which predefined transaction server 12 thereby puts the second transaction part 11 in an active transaction state on the predefined transaction server 12.
- the second transaction part thereafter sends 4, 15 information of the transaction connected to the transaction identity to the predefined transaction server 12, preferably encrypted.
- the activation and the following information of the transaction could also be performed in one action, such that the sending of information of the transaction to the predefined transaction server also puts the second transaction part in an active transaction state on the predefined transaction server.
- Transaction information from the second transaction part that is sent with a transaction can vary, but typically includes the name of the second transaction part and the transaction amount, and possibly also the product name, at a purchase.
- the name of the second transaction part could alternatively be extracted from the login of the second transaction part to the system instead of being sent together with the transaction, to ensure that such information is not distorted. This is usually performed via a landline, but could also be performed via wireless communication.
- the second transaction part has previously registered an account at the predefined transaction server, in a way similarly performed for the first transaction part. Account information or similar information of the first transaction part is not necessary to give to the second transaction part and vice versa, since such information is known by the predefined transaction server, and such information should thus not be given to the second transaction part and vice versa.
- the predefined transaction server 12 identifies the first transaction part by the unique transaction identity sent by the second transaction part and preferably requests 5, through an encoded/encrypted wireless communication, a verification by the first transaction part of the transaction information connected to the transaction identity.
- the user transaction software requests 6 e.g. a PIN as verification of the transaction information, such as name of the second transaction part and transaction amount.
- the verification is returned, through an encoded/encrypted wireless communication, to the predefined transaction server connected to the transaction identity.
- the predefined transaction server After verification from the first transaction part the predefined transaction server finalizes 7 the transaction connected to the unique transaction identity and sends a transaction receipt to both the first transaction part, through an encoded/encrypted wireless communication, and the second transaction part.
- the transaction is only finalized provided that the accounts of both the first transaction part and the second transaction part accept the transaction.
- the transaction has been described with a portable radio communication device as the first transaction part and a merchant as the second transaction part.
- the merchant requests a unique transaction identity of the intermediate transaction router, in this case preferably through a land line.
- the merchant request a unique transaction identity of a transaction server of its own, which thereafter is announced on the intermediate transaction router.
- the unique transaction identity is then communicated to the portable radio communication device from the merchant, which portable radio communication device activates itself on the predefined transaction server with the unique transaction identity it has received from the merchant.
- the predefined transaction server thereafter announces this unique transaction identity on the intermediate transaction router, such that it can connect the portable radio communication device and the merchant thereon.
- information of the transaction connected to the unique transaction identity is again sent from merchant to the predefined transaction server, which, by wireless communication, sends the information of the transaction connected to the unique transaction identity to the portable radio communication device.
- the transaction connected to the unique transaction identity is still verified at the portable radio communication device by a user verification, which verification connected to the unique transaction identity is sent to the predefined transaction server.
- the transaction connected to the unique transaction identity is thereafter finalized based on the information of the transaction and the unique transaction identity, and a transaction receipt of the finalized transaction is sent from the predefined transaction server to the first and second transaction parts.
- both transaction parts have individually put themselves in an active transaction state on the predefined transaction server. Without both transaction parts in the active transaction state the transaction will not be finalized.
- a similar method can be used for e.g. Internet bank login, or other kinds of secure login or secure authentication.
- a predefined identity is utilized, known by both the first transaction part, the predefined transaction server and the intermediate transaction router, such as a social security number, account number or similar.
- the user of the first transaction part preferably enters this predefined identity at the second transaction part and thereby initiates the login at the second transaction part.
- the first and second transaction parts are e.g. equipped with electronic communication means, providing the possibility for the first transaction part to enter the predefined identity at the second transaction part without the user needing to perform it manually.
- the user of the first transaction part also selects a "secure login" section of the user transaction software to connect the portable radio communication device to the predefined transaction server and thereby puts the first transaction part in an active transaction state on the predefined transaction server.
- the second transaction part connects to a known transaction partner, such as a POS terminal, to activate itself on the predefined transaction server.
- An intermediate transaction router 17 is utilized to connect the predefined transaction server 12 and the known transaction partner 16, such that the second transaction part 11 can activate itself thereon.
- After receiving the predefined identity at the second transaction part the second transaction part puts itself in an active transaction state on the predefined transaction server and requests a verification connected to the login of the predefined transaction server, based on the predefined identity.
- the predefined transaction server checks that the portable radio communication device corresponding to the predefined identity is connected to the predefined transaction server, at least by checking that the first transaction part is in an active transaction state on the predefined transaction server.
- the predefined transaction server preferably additionally requests a verification connected to the login from the first transaction part, or alternatively checks that the portable radio communication device of the first transaction part is on, which is performed without any active action by the user thereof.
- the verification in the portable radio communication device is e.g. a PIN.
- the predefined transaction server will when both transaction part are in the active state, or after verification when used, send a verification to the second transaction part confirming that the portable radio communication device has been verified, which will allow log in of the first transaction part into the second transaction part. In this case no PIN of other password has been transferred via the Internet connection. Further, the PIN has not been transferred between the predefined transaction server and the second transaction part. The second part is only receives a confirmation that the identification is verified. Transactions at the second transaction part can hereafter be performed as previously described.
- the intermediate transaction router 17 has been described as connecting the predefined transaction server 12 and the known transaction partner 16, and it can also connect a plurality of predefined transaction servers 12 and a plurality of known transaction partners 16. Further, there can also exist a plurality of intermediate transaction routers, typically an intermediate transaction router per country.
- Examples of different transaction are e.g. point of sales (POS) transaction, person to person (P2P) transfer, micro payments, person to machine (vending machine) transaction, secure identification, electronic identification, secure authentication, etc.
- POS point of sales
- P2P person to person
- micro payments person to machine
- secure identification electronic identification
- secure authentication etc.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SE0950411A SE533422C2 (en) | 2009-06-04 | 2009-06-04 | Method of secure transactions |
PCT/SE2010/050614 WO2010140970A1 (en) | 2009-06-04 | 2010-06-04 | A method for secure transactions |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2438560A1 true EP2438560A1 (en) | 2012-04-11 |
EP2438560A4 EP2438560A4 (en) | 2014-04-30 |
Family
ID=43243857
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP10783667.8A Withdrawn EP2438560A4 (en) | 2009-06-04 | 2010-06-04 | A method for secure transactions |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP2438560A4 (en) |
CN (1) | CN102460491A (en) |
SE (1) | SE533422C2 (en) |
WO (1) | WO2010140970A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB201105765D0 (en) | 2011-04-05 | 2011-05-18 | Visa Europe Ltd | Payment system |
US9922322B2 (en) | 2013-12-19 | 2018-03-20 | Visa International Service Association | Cloud-based transactions with magnetic secure transmission |
CN105830107A (en) | 2013-12-19 | 2016-08-03 | 维萨国际服务协会 | Cloud-based transactions methods and systems |
US10846694B2 (en) | 2014-05-21 | 2020-11-24 | Visa International Service Association | Offline authentication |
US9775029B2 (en) | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US20160148202A1 (en) * | 2014-11-26 | 2016-05-26 | Mastercard Asia Pacific Pte. Ltd. | Methods and Systems for Processing Transactions, Based on Transaction Credentials |
BR112018076196A2 (en) | 2016-07-11 | 2019-03-26 | Visa International Service Association | method, and portable communication and access devices. |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050187873A1 (en) | 2002-08-08 | 2005-08-25 | Fujitsu Limited | Wireless wallet |
US20050227218A1 (en) | 2004-03-06 | 2005-10-13 | Dinesh Mehta | Learning system based on metadata framework and indexed, distributed and fragmented content |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6889325B1 (en) * | 1999-04-28 | 2005-05-03 | Unicate Bv | Transaction method and system for data networks, like internet |
IL134741A (en) * | 2000-02-27 | 2003-11-23 | Adamtech Ltd | Mobile transaction system and method |
CN1922623A (en) * | 2004-02-17 | 2007-02-28 | 富士通株式会社 | Wireless wallet |
ES2263344B1 (en) * | 2004-07-30 | 2007-11-16 | Jose Ignacio Bas Bayod | METHOD FOR PERFORMING SECURE PAYMENT OR COLLECTION TRANSACTIONS, USING PROGRAMMABLE MOBILE PHONES. |
US7577616B2 (en) * | 2005-12-07 | 2009-08-18 | Xi Zhu | Method and apparatus of secure authentication and electronic payment through mobile communication tool |
US20070255662A1 (en) * | 2006-03-30 | 2007-11-01 | Obopay Inc. | Authenticating Wireless Person-to-Person Money Transfers |
CZ2007504A3 (en) * | 2007-07-26 | 2008-07-02 | Direct Pay, S.R.O. | Method of making payment transaction by making use of mobile terminal |
SK50862008A3 (en) * | 2008-09-19 | 2010-06-07 | Logomotion, S. R. O. | System for electronic payment applications and method for payment authorization |
-
2009
- 2009-06-04 SE SE0950411A patent/SE533422C2/en not_active IP Right Cessation
-
2010
- 2010-06-04 CN CN2010800244720A patent/CN102460491A/en active Pending
- 2010-06-04 WO PCT/SE2010/050614 patent/WO2010140970A1/en active Application Filing
- 2010-06-04 EP EP10783667.8A patent/EP2438560A4/en not_active Withdrawn
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050187873A1 (en) | 2002-08-08 | 2005-08-25 | Fujitsu Limited | Wireless wallet |
US20050227218A1 (en) | 2004-03-06 | 2005-10-13 | Dinesh Mehta | Learning system based on metadata framework and indexed, distributed and fragmented content |
Non-Patent Citations (1)
Title |
---|
See also references of WO2010140970A1 |
Also Published As
Publication number | Publication date |
---|---|
EP2438560A4 (en) | 2014-04-30 |
SE0950411A1 (en) | 2010-09-21 |
CN102460491A (en) | 2012-05-16 |
WO2010140970A1 (en) | 2010-12-09 |
SE533422C2 (en) | 2010-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11151543B2 (en) | Methods for secure transactions | |
EP2438560A1 (en) | A method for secure transactions | |
US20120072309A1 (en) | method for secure transactions | |
US20120078752A1 (en) | Transaction identified handling system | |
WO2010140972A1 (en) | A method for secure transactions | |
US20120078800A1 (en) | Method for secure transactions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20111212 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
TPAC | Observations filed by third parties |
Free format text: ORIGINAL CODE: EPIDOSNTIPA |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20140328 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06Q 20/00 20120101AFI20140324BHEP |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20171211 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
APBK | Appeal reference recorded |
Free format text: ORIGINAL CODE: EPIDOSNREFNE |
|
APBN | Date of receipt of notice of appeal recorded |
Free format text: ORIGINAL CODE: EPIDOSNNOA2E |
|
APBR | Date of receipt of statement of grounds of appeal recorded |
Free format text: ORIGINAL CODE: EPIDOSNNOA3E |
|
APAF | Appeal reference modified |
Free format text: ORIGINAL CODE: EPIDOSCREFNE |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ACCUMULATE AB |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ACCUMULATE AB |
|
APBT | Appeal procedure closed |
Free format text: ORIGINAL CODE: EPIDOSNNOA9E |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20210105 |