AUTOMATIC FORM FILLING METHOD AND SYSTEM
BACKGROUND
Field of the invention
The invention relates to the use of mobile device in effecluating transactions - financial or non-financial More particularly the invention relates to providing a system, method and computer program for filling up various fαi ms to aulhentieale identity of M user by means of a mobile device
Description of the related Art
We are all required to establish our identity in different forms and at different places. Different forms of establishing an identity in a day-to-day life could be either by showing a card (frequent flyer card, office access card, ATM card, credit card), a physical key (opening a house or a car door) or by filling a certain form (immigration counters at the airport), etc. Main purpose of all these actions is to establish identity in a certain context with appropriate level of security Level of security required is different in different contexts The level of security l equired to conduct a banking ti ϋiπsadiαn is very different from the level of security required to get credit in our frequent flyers miles account.
The existing method of enforcing identities in various situations involves filling up of forms with filling up of the attributes. Using different techniques at different situations is a cumbersome, time-consuming and taxing process for the users. For example, a user now has to fill up multiple forms, carry multiple credit-cards and authenticate itself at various points by repeating the information to be input. Also, the User is required to keep track of multiple usemames and passwords in order to complete several transactions. Handling multiple transactions also raises the security concerns for the users
Fig 1 shows an example of a prior art wherein a User accesses his ATM machine. The process takes place using the following steps
1. The User slides the plastic ATM card into the ATM (generally referred to as the STATION in this document). The ATM accepts the card through mechanical means and reads the information ori the magnetic strip on the back of the card,
2. If the information read from the card is acceptable to the machine, it prompts the user for a PIN code. The user enters the PlN code on the keypad, which is the part of the ATM machine.
3. The information read from the ATM card together with the PIN code provided by the User is communicated by the ATM machine to a remote computer (generally referred to as the HOST in this document). ATM machine is electronically connected to the HOST and it is the HOST that makes the most of the crucial banking decisions.
4. Once the User has been authenticated, he can proceed with the regular banking transaction. ATM screen and keypad are used as the primary interfaces to the machine.
Prior art search has revealed some efforts to conduct transactions by means of a mobile device. A mobile phone is the most common device that people around the world are carrying today. Apart from being a vvonderful communications tool, which is the primary purpose of carrying a mobile phone today, its utility can bo extended as a tool to transfer attributes as well. A mobile device has an IMEI (identifies the handset equipment) as well a phone number. Generally speaking, both IMEI and SIM identities are very difficult to break or duplicate. Another positive attribute of mobile phone is also that it can be programmed as well. Some of the efforts in this direction are described herein below.
International Patent Publication Number WO 98/58510 issued to SWISSCOM AG is titled as MOBILE DEVICE, CHIP CARD AND METHOD OF COMMUNICATION The Invention describes a mobile device that comprises of a removable SIM chip card for storing identification data relating to a subscriber in a GSM mobile communications network Said mobile device dlso has at least one wireless interface, said interface being integrated in the housing The interface can be infrared or inductive and enables the SIM card to communicate directly wilh an extenidl device, without using the mobile communications network The chip card also contains a communication controller in order to encode data and transmit said data across the interface The contact-less interface can also be supplied independently of the mobile device
International Patent Publication Number WO 00/38119 issued to SIEMENS
AKTIENGESELLSCHAFT IS titled as METHOD AND DEVICE FOR IDENTIFYING PERSONS The present invention relates to a method for locally identifying persons with a mobile phone An interface of the mobile telephone contactlessly transmits identification inf ormation to a local security system According to the inventive method, the identification code of the mobile phone is used for identifying the user Additional or other identification information can be used The radio interface and/or the infrared interface of the mobile phone are thereby used lor contactlessly transmitting the identification information
International Patent Publication Number WO 03/088577 issued to NOKIA CORPORATION is titled as METHOD AND SYSTEM FOR AUTHENTICATING USER OF DATA TRANSFER DEVICE This invention relates to a method and system for authenticating a user of a data transfer device (such as a terminal in a wireless local area network, i e, WLAN) The t method comprises, setting up a data transfer connection from the data transfer device to a service access point Next, identification data of the mobile subscriber (for example MSISDN) are input to the service access point This is followed by checking from the mobile communications system whether the mobile subscriber identification data contains an access right to the service access point If a valid access right exists, a password is generated, and then transmitted to a subscriber terminal (for example a GSM mobile phone) corresponding to the mobile subscriber identification data, and login
International Patent Publication Number WO 03/007538 A1 issued to I CONTROL TRANSACTIONS INC is titled as OPERATING MODEL FOR MOBILE WIRELESS
NETWORK BASED TRANSACTION AUTHENTICATION AND NON-REPUDIATION This invention discloses an embodiment of the invention for a system, method, apparatus and computer program product for device, user and/or transaction verification, authentication, and non-repudiation Wireless application captures and utilizes biometπo data from user in possession of mobile phone, PDA, or other portable computer
Information appliance authenticates device and/or user to reduce or eliminate likelihood that transaction will be repudiated. Transaction authentication and non-repudialion is applied to all manner of commerce including purchase and sale of products and services, banking, investment and other financial transactions as well as personal transaction not directly involving commerce Authentication and non-repudiation occurs over a wireless or end-to-end wired network of interconnected computers
International Patent Publication Number WO/ 00/75885 A1 issued to AUTOMATED BUSINESS COMPANIES is titled as ADVANCED WIRELESS PHONE SYSTEM. This invention discloses a wireless phone/ pager system that is modified to allow an owner to have proximity services such as toll tag access, ATM dispensing, gas pump dispensing, store credit card checkout, television remote control, garage door access, and more services using their wireless phone/ pager. The modification is accomplished in such a way that the existing wireless phone/ pager/ palm computer systems and the proximity device processing units require very litllo modification but produce a truly Advanced Wireless Phone/ pager/ palm computer systems (AWPS). The AWPS can be appended in a seamless manner to the existing wireless communication and proximity service provider systems in current use. The new system virtually eliminates the need to carry multiple credit cards and access devices όuch as toll tags. Another feature of the invention is the built-in finger print detector unit which automatically provides unique owner codes which can be used to either replace or supplement the PIN codes usually required with the proximity service providers The system may also combine multiple proximity billing services with the phone/ pager service provider, i.e , another convenience that would greatly be appreciated by the consumers
Our common law search of prior art on google has also revealed an article on Mobile Tech News (www mobiletechnewt, com/ιnfo/2004 /02/145943 html) wherein Nokia has announced the completion of pilots featuring s.imjle sign-on for mobile devices a technology eliminating the need for multiple entering of use authentication credentials when accessing different services, such as gaming or ticketing reservations All these projects are based on Liberty Alliance Project specifications, a group committed to developing open interoperable specifications for network identity For mobile phone users, the single sign-on solution will facilitate access to Web services reliability and seamlessly, independent of the network or device The consumers will also have control of personal information
Collectively the above mentioned inventions havn one or the othor di awhack ns stated below The prior art revealed do not collectively provide for a system and method that can be used in sense of true form filling with ti ansfαr of attributes by tho use1 uf a cell-phone These inventions collectively cannot enable user to get rid of many plastic cards and reduce paper filling of the forms Further the prior art is incapable to provide for security to facilitate in eliminating number of username and passwords that a user has to track The above-mentioned inventions do not present with a solution whereby a cell-phone can be automatically provisioned for all the situations before it is used as a tool
Thus there is an urgent need for improved piocesses for consumer identification to be developed, while a consumer is using cell-phone for automatic form filling by transfer of attributes Further what is needed is a system and method that enables authenticating a usoi by use oi a mobile device, while at the same time emsui ing thnt the process is done in a secure manner, thereby eliminating the need for multiple identities and passwords
SUMMARY
An object of the present invention is to provide a tool for automatic form filling by establishing identity as well as packing more utility into something that the user is already carrying, i.e., a mobile device.
Another object of the present invention is to enable a User to eliminate the need for carrying multiple plastic cards.
Another object of the present invention is to enable a user to cut down on filling paper forms in different situations.
Yet another object of the present invention is to enable user to enhance security in various transactions involving credit cards, ATM, etc.
A further object of the present invention is to provide for an improved process for user identification using mobile device as the identity tool.
A further object of the present invention is to present the information to the information collecting party in an automated electronic manner so that it is suitable for computer storage.
The present invention relates to a use of the most common device that people around the world are carrying today. Apart from being a wonderful communications tool, which is the primary purpose of carrying a mobile-device today, its utility is extended as identification tool as well. Establishing identity, is all about exchanging information. There are several forms of information that when shared in an appropriate manner establishes the identity. During an ATM transaction, part of the information is provided by the magnetic strip behind the card and rest of it is punched using the keypad on the ATM (PIN code). In an immigration counter at the airport, information is typically provided through a form together with the passport The present invention thus describes a system that is easy to implement and turns cell-phone into a device that can be used to conveniently establish identity primarily through an automatic form filling.
The present invention is a system and method of automatic form filling, using media between a mobile device and a Host Server to transfer data. The Automatic Form Filling is done by establishing an identity of a User, initiating conversation between the said User and the said Host-Server, and transferring attributes between said User and the said Host-Server, so as to enable the said Host-Server to electronically fill up the values of the attributes from the User's mobile device.
BRIEF DESCRIPTION OF THE DRAWINGS
The preferred embodiments oi the invention will hereinafter be described in conjunction with the appended drawings provided to illustrate and not to limit the invention, wherein like designations denote like elements, and in which:
Fig 1 illustrates a prior art wherein a User accesses his ATM machine.
Fig 2 illustrates the User using a mobile device such as a MOBILE-DEVICE as a substitute to the ATM card.
Fig 3 is a flow chart that illustrates the communication activities between the client and the server
Fig 4 is a flow chart that illustrates the client-server conversation.
Fig 5 is a flow chart that illustrates the sending of value of attributes to the server
Fig 6 is a flow chart that illustrates the creation of the new attributes for sending it to the server.
Fig 7 is a flow chart that illustrates sending of the new and stored attributes to the server.
DESCRIPTION OF PREFERRED EMBODIMENTS
The present invention is directed to a system and method for using the combination of mobile-device, station and software running on the mobile-device and the host server. The mobile-device communicates with the Host Server using media. Thus, mobile-device and Host Server must support the same Media, The present invention is independent of the underlying media.
Fig 2 illustrates the situation described in Fig 1 , by implementation of the present invention, wherein now the user uses a mobile device, such as a cellphone, as a substitute to the ATM card. The automated form filling system and method will, change the above described usage scenario as follows:
1. In this case, the user points said mobile-device to a modified ATM. The mobile- device already has the information, which is stored at the back on the ATM card. It transfers that information to the ATM machine
2. If the information presented is acceptable to the machine, it prompts the user for a PIN code. The user enters the PIN code on the mobile-device, which is again communicated, to the ATM.
3. The information provided by the mobile-device is communicated by the ATM machine to a remote computer (generically referred to as the host server). ATM machine is electronically connected to the host server and it is (he host server that makes most of the crucial banking decisions.
A. Once the User has been authenticated, he can proceed with the regular banking transaction. ATM screen and keypad are used as the primary interfaces to the machine.
In the present invention, we have replaced the ATM card with the mobile-device and have improved the convenience to the User and the costs for the bank related to issuring/replacing and maintaining the ATM cards.
The mobile-device needs to be provisioned before it can be implemented for the present invention. For instance, you must be provisioned to enter the work premises before you can actually use the present invention to enter your workplace. In other cases, the provisioning may automatically take place when going through Automatic Form Filling for the first time. Also, in some cases there would be no need for provisioning at all.
Different types of provisioning methods are described below:
OTA: Over-The-Air technology provides for special SMSs to be send to the user's mobile-device. These messages contain special information which is used to provision the Automatic Form Filling for that particular hostserver. For instance, the bank issuing you an ATM card could send you an OTA message that will provision the mobile-device for using the ATMs for that bank. Currently, the bank has to mail you a physical ATM card etc.
PHYSICAL: This type of provisioning takes place when you physically take the mobile- device to the provisioning entity. For instance, you may need to take your phone to the admin department in your company for provisioning. The admin department would download some special codes/information in your phone. This code is then delivered to the workplace entry system using Automatic Form Filling.
■ FIRSTUSE: In some instances, when the User interacts with a particular host server for the first time, the provisioning could take place automatically. For subsequent uses of the same host server, there is no need for provisioning anymore.
NONE: In some cases, there is no need for pre-provisioning and system just works without it. Immigration counters at the airport, car parking systems are typical example of such use cases of Automatic Form Filling.
Automatic Form Filing is accomplished when the client software running on the mobile- device interacts with the server software running on the host server. The mobile-device
and host server also support the Media that transfers the information across the wireless interface.
Fig 3 is a flow chart that illustrates the communication activities between the client and the host server. The User is prompted for the password (300). In the event the password is incorrect the User is prompted again. If the password is correct a message is sent to the host server to start the conversation (320). The said message could be sent using preferred communication medium like Bluetooth/lnfrared/WLAN or other known peer-to-peer short range wireless technologies. Said message would be sent from the said client to the host server to indicate the desire to start the conversation. The host server acknowledges the receipt of the message (330). The message sent from host server to client serves two purposes: one -it acknowledges to the client that the request message has been received; second- this message also contains the host server's ID. The client checks whether the message has been received from the host server (340). In the event the acknowledged message is not received by the client the connection gets aborted (380) and in case the acknowledged message is received, the client- host server conversation commences (350). The process ends upon the completion of this conversation (360). Thereafter the system performs any ■ "communication end" activities to end the client-host server communication. (370)
Fig 4 is a flow chart that illustrates the client-host server conversation module (350). The client host server conversation starts when the user is prompted for the host server's ID. The client checks if the host server ID already exists (410). Host server ID existing would mean that the client has conversed with this host server. If the ID does not exist the client sends a message that this is a first time conversation (420). This message is sent to indicate that the client has never conversed with this host server before and new attributes are created to initiate the client host-server conversation. In a case where the host server ID exists in the client, the user is prompted to select the account for each host server (430). For each host server the information is stored for the account entity. The user is prompted for sending attribute values {A40) The value of the
attributes is sent to the host server (450). Thereafter, the host server checks if any other information is required (460). For example for ATMs it could be the amount of cash to be withdrawn. In this case new attributes are again created (470) and its values are sent to the host server (480). If any other information is not required, then the conversation is complete (360).
Fig 5 is a flow chart that illustrates the sending of value of attributes to the host server (440). Based on the account selected and the sequencing of the attributes, the attributed is picked up to be sent to the host server (510). The user is prompted for the said attributed to be send(520). Thereafter the attribute is sent to the host server (530). The host server then decides whether there are any more attributes for which value is required (540). If there are more attributes, then this process is repeated. In case there are no other attributes required, the attributes available in the client have been sent to the host server. (550).
Fig 6 is a flow chart that illustrates the creation of the new attributes for sending it to the host server (470). A message is sent to the client with the attribute properties (610). This message would have metadata (information) about the attribute. Example of the properties of the attribute is whether the attribute is 'read only, should it be stored in the client, whether prompt is required, the value stored in the attribute, data type etc' Depending on the attribute, it is decided whether the attribute has to be stored in the client (620), If the properties of the attribute so require, then it is stored in the client
(630). Thereafter, the user is prompted to send the attribute to the host server (640). The attribute is then sent over to the host server (650). The host server then sends and acknowledgement message to the client. This message also indicates' if there are any more such attributes (660). If there are any more attributes, the entire process is repeated. If there are no more such attributes, the new attribute values are sent to the host server (480).
Fig 7 is a flow chart that illustrates sending of the new and stored attributes to the host server. The user is prompted to check the value of the attribute and send the same
to the host server (430). It is then checked whether the value of the attributed sought to be updated is "read only" or "not read only" (710). If the value of the attribute is "not read only", the new value of the attribute is stored (720).
Thereafter the user decides whether the new value of the attribute is to be sent to the host server (730). The client would send do not send message to the host server if the User does not wish to send this Attribute's value (740). The host server then decides whether the attribute is optional or not (750). If the attribute is not optional, then the host server sends "Abort" message to the client (760) and the process is terminated (770). However, if the attribute is optional, then accordingly the message is sent to the host server (780).
In case the client sends the message with the attribute value to the host server, the message is then sent accordingly to the host server (780).
Data exchange between Mobile Device and the host server is the fundamental activity within Automatic Form Filling process. The unit of information exchange is termed as an Attribute, There are lots of different types of attributes that are stored in the Mobile Device and can be exchanged with the Station. The attributes can be as simple as NAME, DATE OF BIRTH or more complicated like
TIME_OF_ENTERING__THE__CAR_PARK, All this depends upon the underlying applications for which Automatic Form Filling process is being executed,
Every attribute can the following details associated with it;
Attribute Name, e.g. DATE_OF_BIRTH
Attribute Value, e.g. "19961231" is the value of the attribute DATE_OF_BIRTH
Attribute Type, e.g. alphanumeric, numeric, currency, date, ....
Attribute Length, e.g. 16 characters
Attribute Flags, e.g. some attributes may require that the user confirms on his Mobile Device before the attribute is transmitted across to the host server, some attributes will be such that the value of the attribute should not be stored in the Mobile Device and should be entered everytime the information is asked by the host server.
While the preferred embodiments of the invention have been illustrated and described, it will be clear that the invention is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions and equivalents will be apparent to those skilled in the art without departing from the spirit and scope of the invention as described in the claims.