+

WO2006009460A1 - Systeme et procede d'authentification des utilisateurs dans un systeme de paiement - Google Patents

Systeme et procede d'authentification des utilisateurs dans un systeme de paiement Download PDF

Info

Publication number
WO2006009460A1
WO2006009460A1 PCT/NO2005/000266 NO2005000266W WO2006009460A1 WO 2006009460 A1 WO2006009460 A1 WO 2006009460A1 NO 2005000266 W NO2005000266 W NO 2005000266W WO 2006009460 A1 WO2006009460 A1 WO 2006009460A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
client
authentication centre
rfid
authentication
Prior art date
Application number
PCT/NO2005/000266
Other languages
English (en)
Inventor
Trond Are BJØRNVOLD
Bjørn THORSTENSEN
Original Assignee
Telenor Asa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telenor Asa filed Critical Telenor Asa
Publication of WO2006009460A1 publication Critical patent/WO2006009460A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices

Definitions

  • the present invention relates to the use of RFID tags in payment systems.
  • Radio frequency identification or RFID technologies use radio waves to automatically identify individual items.
  • the most common applications are tracking goods in a supply chain, tracking assets, tracking packages at a distribution centre, security (including controlling access to buildings and networks) and payment systems that let customers pay for items without using cash.
  • the system consists of a tag or transponder, which is made up of a microchip with an antenna attached to it, and an interrogator or reader.
  • the reader sends out a radio signal that "couple" with the antenna on the RFID tag.
  • the chip modulates the received signal, which is subsequently sent back to the reader.
  • a serial number is stored on the chip that identifies a product, and perhaps also includes other information
  • RFID systems are advantageous over other identification systems in that they do not require line of sight.
  • RFID tags can be read as long as they are within range of a reader, irrespective of spatial arrangement.
  • RFID tags may be used when buying bus or cinema tickets, tickets for football games, etc. By implementing RFID based access control in cinemas or football stadiums, users will get seamless access to the events in question without interaction with guard staff, ticket inspectors or gatekeepers. However, the use of RFID products in payment systems is challenging, in particular in respect to security issues. A payment RFID tag will be connected to the user's bank account, and if it is lost, a third party may buy a car using the rightful owner's money.
  • the RFID system must include some sort of user authentication. As far as we know, no solution for direct authentication of users exists today. Currently users are authenticated by entering personal identification number (PIN) codes at external terminals, or by sending short message system
  • SMS Session Management
  • mobile phones These solutions are demanding with respect to user interaction, and prevent the technology from gaining ground as a means for identification and authentication.
  • the inventive solution will now be described in detail with reference to the appended drawing, which shows a system for the authentication of a user, according to the present invention.
  • the core of the invention is to introduce some sort of 2 step authentication - in which the user must accept the transaction with his/her mobile phone. This will greatly reduce the possibility of misuse.
  • This solution is 5 different from common SMS commerce in that the transaction is initiated automatically and only requires a small degree of user interaction.
  • the system is illustrated in the appended figure.
  • the user possesses a mobile terminal 1 and an RFID tag.
  • the presence of the RFID tag is detected by an RFID reader 2.
  • the identification of the tag is sent to an authentication centre 3.
  • the authentication centre is arranged to send an inquiry to the user' s mobile phone asking him/her to accept s the transaction. If the user accepts the transaction, by pressing an appropriate key, the transaction information is sent from the authentication centre to a transaction system 4.
  • the arrows indicate the communication between the individual units involved in the transaction.
  • the RFID tag In order to avoid the system being triggered each time a person enters a shop, the RFID tag should be of a short- range type, e.g. with an activation range of only some few centimetres. A customer can then bring the goods he wants to purchase to the till (cash register) . The cashier will s enter the cash value of the goods, whereupon the transaction is initiated by holding the RFID tag near to a RFID reader.
  • the authentication centre 3 can be realized as a server running an authentication application.
  • a 0 corresponding application can be installed at the mobile terminal. This is an application listening for arriving requests for acceptance of a transaction, and presents this to the user as a YES/NO option (dedicating YES and NO to specific keys on the keyboard, or to specific fields on a 5 touch sensitive screen) .
  • the application on the mobile terminal may request the user to enter a 3 or 4 number code.
  • the system could be realized using IP-communication (i.e GPRS) between the server and the client software on the mobile terminal.
  • IP-communication i.e GPRS
  • the inventive solution could also be realized as a SMS service.
  • the authentication centre sends a SMS message to the client' s mobile terminal.
  • the client can respond to the message by returning a message containing a Y, and thereby accept the transaction. This will require the client to touch 3 or 4 keys, at the most.
  • the authentication centre can require the client to return a short number code. This could be a fixed number (PIN-code) or a number that is increased by 1 for each transaction, e.g. 10 for the first transaction, 11 for the next, etc. These measures will increase the security of the system.
  • the system includes a mobile terminal 1, and an RFID tag at the customer side.
  • the RFID tag should of course not be attached to the phone, in case the later is lost or stolen.
  • An RFID reader 2 is communicating with the RFID tag over a wireless link 10.
  • the RFID reader 2 is also in communication with an authentication centre 3 over a communication link 20.
  • the authentication centre 3 communicates with the mobile terminal 1 over the public mobile telephone network 30, and is connected to a transaction system 4 via communication link 50.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

L'invention concerne un système de paiement qui permet aux clients de payer des articles sans utiliser d'argent liquide. L'utilisateur possède un terminal mobile 1 et un étiquette d'identification par radiofréquence RFID. Lors de l'entrée dans un magasin, un bus, un cinéma ou un autre site à paiement, la présence de l'étiquette RFID est détectée par un lecteur RFID 2. L'identification de l'étiquette est envoyée à un centre d'authentification (3) conçu pour envoyer une demande au téléphone mobile de l'utilisateur/utilisatrice dans laquelle on demande à ce dernier/cette dernière d'accepter la transaction. Si l'utilisateur accepte la transaction, en enfonçant la touche appropriée, les informations de transaction sont envoyées du centre d'authentification à un système de transaction (4).
PCT/NO2005/000266 2004-07-16 2005-07-15 Systeme et procede d'authentification des utilisateurs dans un systeme de paiement WO2006009460A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO20043052 2004-07-16
NO20043052A NO20043052D0 (no) 2004-07-16 2004-07-16 System og fremgangsmate for elektronisk betaling

Publications (1)

Publication Number Publication Date
WO2006009460A1 true WO2006009460A1 (fr) 2006-01-26

Family

ID=34972575

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/NO2005/000266 WO2006009460A1 (fr) 2004-07-16 2005-07-15 Systeme et procede d'authentification des utilisateurs dans un systeme de paiement

Country Status (2)

Country Link
NO (1) NO20043052D0 (fr)
WO (1) WO2006009460A1 (fr)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008074051A1 (fr) * 2006-12-19 2008-06-26 Transurban Limited Système de transaction destiné à être utilisé pour autoriser des transactions électroniques
WO2009001366A1 (fr) * 2007-06-22 2008-12-31 Ajay Adiseshann Procédé et système pour effectuer une transaction monétaire via un dispositif de communications mobiles
WO2009087539A1 (fr) 2008-01-04 2009-07-16 Logomotion, S.R.O. Procédé et système d'authenticité particulière au niveau des paiements, identificateur d'identité et/ou d'approbation
EA013808B1 (ru) * 2009-02-09 2010-08-30 Сергей Владимирович Скороходов Способ оплаты проезда и контроля проездных документов и автоматизированная система для его осуществления
WO2011004339A1 (fr) 2009-07-08 2011-01-13 Logomotion, S.R.O. Procédé et système d'authentification sans contact, et élément porteur de code pin
EP2275982A1 (fr) 2009-07-16 2011-01-19 Vodafone Holding GmbH Demande à un utilisateur d'un dispositif de communication mobile
US9054408B2 (en) 2008-08-29 2015-06-09 Logomotion, S.R.O. Removable card for a contactless communication, its utilization and the method of production
US9081997B2 (en) 2008-10-15 2015-07-14 Logomotion, S.R.O. Method of communication with the POS terminal, the frequency converter for the post terminal
US9098845B2 (en) 2008-09-19 2015-08-04 Logomotion, S.R.O. Process of selling in electronic shop accessible from the mobile communication device
US9456346B2 (en) 2006-07-25 2016-09-27 Virginia Innovation Science, Inc Method and system for improving client server transmission over fading channel with wireless location and authentication technology via electromagnetic radiation
US9723443B2 (en) 2005-08-12 2017-08-01 Virginia Innovation Sciences Inc. System and method for providing locally applicable internet content with secure action requests and item condition alerts
US10332087B2 (en) 2009-05-03 2019-06-25 Smk Corporation POS payment terminal and a method of direct debit payment transaction using a mobile communication device, such as a mobile phone
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020181710A1 (en) * 2000-02-27 2002-12-05 Kfir Adam Mobile transaction system and method
US20040030601A1 (en) * 2000-09-29 2004-02-12 Pond Russell L. Electronic payment methods for a mobile device

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020181710A1 (en) * 2000-02-27 2002-12-05 Kfir Adam Mobile transaction system and method
US20040030601A1 (en) * 2000-09-29 2004-02-12 Pond Russell L. Electronic payment methods for a mobile device

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9723443B2 (en) 2005-08-12 2017-08-01 Virginia Innovation Sciences Inc. System and method for providing locally applicable internet content with secure action requests and item condition alerts
US9456346B2 (en) 2006-07-25 2016-09-27 Virginia Innovation Science, Inc Method and system for improving client server transmission over fading channel with wireless location and authentication technology via electromagnetic radiation
WO2008074051A1 (fr) * 2006-12-19 2008-06-26 Transurban Limited Système de transaction destiné à être utilisé pour autoriser des transactions électroniques
WO2009001366A1 (fr) * 2007-06-22 2008-12-31 Ajay Adiseshann Procédé et système pour effectuer une transaction monétaire via un dispositif de communications mobiles
WO2009087539A1 (fr) 2008-01-04 2009-07-16 Logomotion, S.R.O. Procédé et système d'authenticité particulière au niveau des paiements, identificateur d'identité et/ou d'approbation
US9054408B2 (en) 2008-08-29 2015-06-09 Logomotion, S.R.O. Removable card for a contactless communication, its utilization and the method of production
US9098845B2 (en) 2008-09-19 2015-08-04 Logomotion, S.R.O. Process of selling in electronic shop accessible from the mobile communication device
US9081997B2 (en) 2008-10-15 2015-07-14 Logomotion, S.R.O. Method of communication with the POS terminal, the frequency converter for the post terminal
EA013808B1 (ru) * 2009-02-09 2010-08-30 Сергей Владимирович Скороходов Способ оплаты проезда и контроля проездных документов и автоматизированная система для его осуществления
US10332087B2 (en) 2009-05-03 2019-06-25 Smk Corporation POS payment terminal and a method of direct debit payment transaction using a mobile communication device, such as a mobile phone
WO2011004339A1 (fr) 2009-07-08 2011-01-13 Logomotion, S.R.O. Procédé et système d'authentification sans contact, et élément porteur de code pin
EP2275982A1 (fr) 2009-07-16 2011-01-19 Vodafone Holding GmbH Demande à un utilisateur d'un dispositif de communication mobile
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Also Published As

Publication number Publication date
NO20043052D0 (no) 2004-07-16

Similar Documents

Publication Publication Date Title
US20240187412A1 (en) Handling Encoded Information
US10755271B2 (en) Location based authentication
US6612488B2 (en) Method and system to prevent fraudulent payment in credit/debit card transactions, and terminals therefor
US8645280B2 (en) Electronic credit card with fraud protection
US20070187482A1 (en) Point of Sale Transaction Method and System
US10482692B2 (en) Systems and methods for location-based automated authentication
US20080077527A1 (en) Method and System for a Purchase Transaction at a Remote Merchant Machine
JP2002176671A (ja) 移動体電話機
CN101084516A (zh) 交易系统和方法
CN1998032A (zh) 用于识别、授权和/或通知的装置
WO2001088785A1 (fr) Systeme de reglement electronique, dispositif de reglement et terminal
WO2006009460A1 (fr) Systeme et procede d'authentification des utilisateurs dans un systeme de paiement
CN107025552A (zh) 一种自助商店系统及自助购物方法
GB2398159A (en) Electronic payment authorisation using a mobile communications device
WO2001052205A1 (fr) Procede et dispositif de traitement
KR20000012607A (ko) 무선단말기를 이용한 인증시스템
KR20000049788A (ko) 유무선통신을 이용한 개인 고유번호 자동전달 및 보안 시스템
US20050070330A1 (en) Method of matching between a mobile phone and a personal card
WO2007071157A1 (fr) Procede de reconnaissance pour paiement electronique et terminal d'authentification d'identite et guichet automatique
CN103430199B (zh) 利用移动手机的安全支付系统及利用该支付系统的支付方法
TW200303496A (en) System and method for issuing card and processing blacklist using wireless communications
JP2001022869A (ja) カード取引処理システム
JP2002056338A (ja) 購買金額決済方法及び購買金額決済システム
GB2491514A (en) Handling encoded information and identifying user
JP2002183439A (ja) 商取引における取引当事者のオンラインチェック方法、及び、商取引の取引当事者へのオンライン連絡方法、及び、オンライン了承情報取得方法、並びに、それらのシステム

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载