WO2004025392A2 - Electronic commerce transactions - Google Patents


Publication number
WO2004025392A2
Authority
WO
WIPO (PCT)
Prior art keywords
buyer
negotiable instrument
funds
financial institution
delivery
Application number
PCT/IB2003/003873
Other languages
French (fr)
Other versions
WO2004025392A3 (en
Inventor
Leunis Van Rooyen
Original Assignee
Purchase, Graham, Erlank
Application filed by Purchase, Graham, Erlank
Priority to AU2003259449A
Publication of WO2004025392A2
Publication of WO2004025392A3


Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00: Commerce
    • G06Q30/02: Marketing; Price estimation or determination; Fundraising

Definitions

  • THIS INVENTION relates to electronic commerce transactions.
  • it relates to a method of effecting a transaction, to a method of issuing a negotiable instrument, and to a wireless communications device.
  • parties trading with each other usually accept a transaction by physically signing conventional source documents with a pen.
  • These source documents are typically in the form of a quotation or tender, a pro forma invoice, a purchase order, a negotiable instrument such as a cheque, a payment receipt, a demand letter or a delivery note.
  • These source documents reflect the business intention of the parties and establish their commitment.
  • it often takes a long time to reach agreement and effect a transaction. It would thus be desirable to provide a method of effecting a transaction which allows the participants to establish an agreement in a non-repudiatable way without the conventional delays and red tape, thereby ensuring efficient delivery of goods and services and immediate payment therefor.
  • a method of effecting a transaction including receiving an electronic negotiable instrument over a communications network from a buyer, the negotiable instrument being authenticated online and in real time by a certification authority as to its origin; submitting the negotiable instrument online to a financial institution holding funds of the buyer to obtain confirmation that the buyer has sufficient funds for the transaction available and that the funds are being reserved by the financial institution; performing delivery in accordance with the transaction if the funds are available and reserved; and obtaining payment from the financial institution holding the reserved funds.
  • By "authenticate" is meant that the party or parties or device or devices has/have been identified as to their true identity and that the electronic document in question is current and originates from the party claiming to have sent it in real time.
  • the method may include, in response to a request from the buyer for the provision of goods or services or the like, sending an invoice over a communications network to the buyer so that the buyer can convert the invoice into an electronic negotiable instrument by approving and returning the invoice.
  • the invoice may be authenticated online and in real time by a certification authority as to its origin.
  • the invention thus provides a method of purchasing goods and services from a wireless communications device, such as a mobile telephone, in a transaction which is processed in a straight-through way and which is executed and validated in real time.
  • a wireless communications device such as a mobile telephone
  • the invoice is thus delivered and presented to a buyer's handheld or terminal communications device through a wireless communication medium, as a digitally signed certified data message and encrypted with a public key allocated to the buyer by a certification authority managing a private key infrastructure (PKI).
  • PKI public key infrastructure
  • the buyer then decrypts the invoice at his own discretion, inspects the contents thereof, accepts it by signing it with an identification code or digital signature or other identification feature, and submitting it online to his bank to allow payment to take place.
  • Due to communication limitations and restricted processing capabilities of wireless handheld or terminal communication devices, a buyer will typically need to use a micro-encryption key and micro-digital certificate in order to use the method of the invention. Where Internet browsers and servers are being used, commercially available standard encryption keys and digital certificates can be used. As will be appreciated, all parties participating in the transaction should be enrolled, under a Commissioner of Oaths at a recognised certification authority, preferably one that complies with the International X.509 standard.
  • Performing delivery in accordance with the transaction may include sending a delivery note over a communications network to the buyer to obtain acknowledgment of delivery of the goods or services or the like, the delivery note being authenticated online and in real time by a certification authority as to its origin; delivering to the buyer goods or services or the like in accordance with the transaction; and receiving from the buyer over a communications network an acknowledged delivery note, the acknowledged delivery note being authenticated online and in real time by a certification authority as to its origin.
  • Obtaining payment from the financial institution holding the reserved funds may include submitting the authenticated acknowledged delivery note over a communications network to the financial institution holding the reserved funds; and receiving the required payment from the financial institution holding the reserved funds.
  • the invoice may be sent in response to a request for goods or services or the like submitted in electronic digital format from a mobile telephone, the electronic request being encrypted with a public key of the buyer. Instead, the invoice may be submitted in response to a request for goods or services or the like submitted verbally or in writing.
  • a transaction in accordance with the invention may thus be initiated by a buyer placing an order in a conventional manner, for example by phoning in a verbal order, by sending a letter, fax or e-mail, or the like.
  • a transaction may also be initiated by the buyer selecting an item (goods or services) available for selection on the buyer's wireless telecommunications device. These goods or services will typically be listed in menu format and by selecting one of the listed items, the transaction is automatically initiated.
  • the authenticated invoice may be sent in digital SMS message format over a wireless telecommunications network to the buyer.
  • the authenticated invoice, and other data sent over a wireless telecommunications network may however be in the form of Subscriber Identity Module Browser.
  • Data messages or SS7 Protocol (Unstructured Supplementary Services Data) messages or other WAP or non-WAP messages may be sent in digital SMS message format over a wireless telecommunications network to the buyer.
  • SS7 Protocol Unstructured Supplementary Services Data
  • the authenticated invoice is sent to the buyer encrypted with a public key of the buyer.
  • Approving the invoice may include entering a pass-phrase or other identification feature into a communications device, thereby to obtain a public key of the buyer from the certification authority, the electronic negotiable instrument thus being encrypted with the public key of the buyer.
  • pass-phrase includes concepts such as a biometric template, user name password, challenge and response system, token, smartcard or microchip device or other physical key device.
  • the telecommunications network over which the electronic negotiable instrument is received from the buyer typically includes a wireless telecommunications network.
  • Obtaining confirmation from a financial institution holding funds of the buyer that sufficient funds for the transaction are being reserved by the financial institution may include providing the financial institution holding funds of the buyer with a transaction amount and the identity of the buyer.
  • the identity of the buyer may be established from the certification authority by using a public key of the buyer.
  • the transaction amount and the identity of the buyer may be submitted to an acquiring financial institution acting for a provider of the goods or services or the like to enable the acquiring financial institution to obtain proof from the financial institution holding funds of the buyer that sufficient funds are available and being reserved for the transaction, the provider thus receiving confirmation from the financial institution holding funds of the buyer if sufficient funds are available and reserved, via the acquiring financial institution.
  • the authenticated delivery note is encrypted with a public key of the buyer.
  • the communications network over which the authenticated delivery note is sent includes a wireless telecommunications network.
  • the communications network over which the acknowledged delivery note is received from the buyer also typically includes a wireless telecommunications network.
  • the delivery note may be acknowledged by a pass-phrase or other identification feature entered into a communications device, thereby to acknowledge the delivery note and to encrypt the delivery note with a public key of the buyer.
  • the authenticated acknowledged delivery note may be submitted to an acquiring financial institution acting for a provider of the goods or services or the like, the acquiring financial institution in turn submitting the authenticated acknowledged delivery note to the financial institution holding the reserved funds in order to receive the required payment from the financial institution holding the reserved funds.
  • Performing delivery in accordance with the transaction may include providing a delivery party, over a communications network, with a dispatch note, the dispatch note being encrypted with a public key of the delivery party and being authenticated online and in real time by a certification authority as to its origin; and receiving the dispatch note over a communications network from the delivery party once delivery has taken place, the dispatch note being encrypted with a public key of the delivery party and authenticated by a certification authority as to its origin.
  • the communications network over which the dispatch note is provided and received includes a wireless telecommunications network.
  • the method of the invention is thus particularly suitable for use in cases where a buyer wishes to make use of a wireless telecommunications device, such as a mobile telephone, to effect a transaction.
  • a wireless telecommunications network such as a GSM network.
  • a delivery party which has the use of a wireless telecommunications device, such as a mobile telephone.
  • the certification authority involved in each authentication action is the same certification authority.
  • a method of issuing a negotiable instrument including receiving a request for the negotiable instrument over a wireless communications network, the request being authenticated by a certification authority as to its origin; obtaining details of the party requesting the negotiable instrument from the certification authority; confirming whether or not the party requesting the negotiable instrument has sufficient funds to cover the negotiable instrument, and, if the party does have sufficient funds; reserving the funds and sending an electronic negotiable instrument in encrypted format to a wireless communications device for storing in the wireless communications device.
  • the method of issuing a negotiable instrument is of great convenience to a person in possession of a mobile telecommunications device, such as a mobile telephone, provided the person is registered with a certification authority.
  • a mobile telecommunications device such as a mobile telephone
  • the message is in effect an electronic bank guaranteed cheque that can be signed electronically by the person to whom it was issued and then forwarded to a beneficiary as an interacting straight-through processed digitally signed certificate data message.
  • the received request for the negotiable instrument may be encrypted with the public key of the party requesting the negotiable instrument.
  • the electronic negotiable instrument being sent to the wireless communications device is encrypted with the public key of the party requesting the negotiable instrument.
  • the certification authority authenticates the electronic negotiable instrument being sent to the wireless communications device as to origin. Even more preferably, the certification authority authenticates the origin of the electronic negotiable instrument online and in real time. The certification authority preferably authenticates the request online and in real time.
  • the request for the negotiable instrument may be generated from a mobile telecommunications device by selecting menu options provided on the mobile telecommunications device.
  • the stored electronic negotiable instrument may make provision for entering the name of a beneficiary.
  • the received request for the negotiable instrument may originate as a digital SMS message.
  • a wireless communications device which includes a processor or processing means programmed to provide menu options to a user from which can be selected a request for the issuance of a negotiable instrument in electronic format and/or from which can be selected the option to enter a user identification code or other feature in order to convert an electronic document present on the device into a negotiable instrument in electronic format; an input device or input means with which data can be fed to the processor or processing means; and a transmitter and receiver for transmitting a request for the issuance of a negotiable instrument in electronic format and for receiving a negotiable instrument in electronic format.
  • the processor or processing means may be programmed to enable transmission of a received negotiable instrument in electronic format to a receiving party over a wireless telecommunications network.
  • the wireless telecommunications device may include an encryption engine or encryption means to encrypt the request for the issuance of a negotiable instrument in electronic format.
  • the menu options may allow entering of a user identification code or feature or the like to obtain an encryption key to encrypt the request for the issuance of a negotiable instrument in electronic format.
  • the wireless telecommunications device includes an encryption engine or encryption means to encrypt the received negotiable instrument prior to the received negotiable instrument being transmitted to a receiving party over a wireless telecommunications network.
  • the wireless communications device requests the user to enter a user identification code or secret pass-phrase.
  • the encryption engine then creates a private encryption key, allocated to the user by a certification authority administering a PKI, in order to transmit the data securely and to identify the user at the certification authority.
  • a public key can then be retrieved from the certification authority.
  • the public key is returned to the wireless communications device and is used to encrypt a negotiable instrument sent to the wireless telecommunications device.
  • Figure 1 shows a schematic diagram of a communications environment within which a transaction in accordance with the method of the invention can be effected; and Figures 2 to 14 show various displays on a mobile telephone being used to effect a transaction in accordance with the method of the invention.
  • reference numeral 10 generally indicates a communications environment within which a transaction in accordance with the method of the invention can be effected.
  • the communications environment 10 broadly includes a wireless telecommunications environment 12, a regional information technology (IT) infrastructure 14, a continental IT infrastructure 16 and a bank funds switch 19 servicing an acquiring bank 18 and an issuing bank 20.
  • IT information technology
  • the wireless telecommunications environment 12 can in principle be any one of a number of conventional wireless telecommunications environments, such as GSM, 3G, CdmaOne, TDMA, PDC Network, X25 Radio, Satellite Data, Digital Satellite Television, and wireless wide, local and municipality area networks.
  • the wireless telecommunications environment 12 is a GSM network.
  • the mobile telephone 22, in accordance with the invention, has a Subscriber Identity Module card (SIM card) which includes an encryption engine to encrypt and decrypt SMS messages.
  • SIM card Subscriber Identity Module card
  • the telephone 22 is also programmed to provide a user with the option to request the issuance of a negotiable instrument in an electronic format.
  • a terminal or point of sale device communicating in wireless fashion can also be used.
  • these devices include a security access module which includes an encryption engine.
  • the regional IT infrastructure 14 includes an application server front-end 26, an SMS gateway 28, a payment gateway 30, a supplier wireless application server 32, an administration server 34 and a database server 35.
  • the application server front-end 26 is a GSM device which exchanges a proxy ID ISM between the payment gateway 30 and the mobile telephone 22.
  • the SMS gateway 28 converts SMPP data messages (short text messages) into HTTP language, to allow the supplier wireless application server 32 to interpret the data messages.
  • SMPP stands for Short Message Peer to Peer protocol.
  • HTTP is the well-known computer handshaking protocol (using TCP) used between a web browser and a web server to transfer hypertext requests.
  • the payment gateway server 30 includes security software and acts as a secure postman system. It provides several connectors to widely used commerce applications. In other words, the payment gateway server 30 provides back office integration.
  • the administration server 32 is available to a supplier of goods and services or the like to analyse transactions involving the supplier and to submit transaction modifications via the payment gateway 30, such as manual discounts, order cancellations or reversals, faxed orders, call centre orders, and the like.
  • the regional IT infrastructure 14 is configured to provide application level security solutions, such as a set of software services that integrates multiple, disparate hardware and software components and security mechanisms into a robust, easily managed and secure environment where each transaction is secured to the appropriate level, strong authentication, integration, data integrity, digital signing, encryption and load-balancing abilities, extensive logging, audit and automated backup capabilities to facilitate control and management and allows an administrator to define exact parameters for authentication, non-repudiation, integrity, auditability, confidentiality and web access control.
  • the regional IT infrastructure 14 is established using a secure telecommunications vendor and is a secure hosting infrastructure.
  • a secured area is provided between this hosting infrastructure and the Internet, which forms part of the communications environment 10.
  • the secured area is protected with well implemented, managed and policy-based firewalls.
  • the web relay server also initiates the establishment of a secure channel (IPsec) between an Internet browser and the application level security server. This in effect removes any direct path between an end user and the hosting infrastructure, thus effectively shielding the hosting infrastructure from hostile access.
  • IPsec secure channel
  • the secured area typically also employs network intrusion detection systems.
  • the continental IT infrastructure 16 includes a certification authority 36, a registrar authority 38, a negotiable instrument server or generator 40, a credential server 42, a payment router 44 and a database server 45.
  • the continental IT infrastructure 16 is a secure hosting infrastructure.
  • the payment router 44 switches transactions in an end-to-end secured fashion between the payment gateway servers 30 of each supplier making use of the communications environment 10 to effect transactions in accordance with the method of the invention.
  • the payment router 44 is parameter driven to communicate with any bank switch, such as the switch 19, in a totally secure manner.
  • the credential server 42 functions as a depository for banking details and delivery credentials that can only be accessed using a buyer's public key for the purposes of a specific transaction.
  • the certification authority 36 allocates private and public keys to parties wishing to use the communications environment 10 to effect a transaction in accordance with the invention. It thus provides a private key infrastructure (PKI) so that transactions can be validated online and in real time, obviating the use of certificate revocation database lists.
  • PKI private key infrastructure
  • the workings and use of a PKI are known to those skilled in the art and will not be described in any detail herein.
  • the certification authority 36 has the ability to provide root certificate roll-over functionalities to protect the investment in the public key infrastructure in the event of a root certificate expiration or compromise.
  • the certification authority 36 also provides a hybrid certificate signing ability, which contains a subject public key for an encryption system that is different from the one that the certification authority uses to sign the certificate.
  • a certification authority be used which has proprietary technology which includes a small certificate format to improve processing speed and reduce storage requirements, and an anonymous ID system to protect client identity.
  • the purpose of the registrar authority 38 is to capture the information or details relating to parties using the communications environment 10 for purposes of effecting a transaction in accordance with the method of the invention.
  • the information is stored at the registrar authority 38 for verification and for the checking of the information provided by the requestors of a digital certificate.
  • the acquiring bank 18 is the financial institution used by a supplier of goods or services.
  • the acquiring bank 18 is linked at source code level in the electronic payment solution provided by the invention.
  • the issuing bank 20 is the financial institution holding funds of the buyer.
  • a single bank can be the acquiring bank as well as the issuing bank in the same transaction.
  • the buyer's bank account or bank accounts is/are linked with the buyer's public key in the credential server 42.
  • the financial banking switch 19 typically resides with the acquiring bank 18 and is integrated into the payment router 44 on a source code level. This ISO 8583 compliant capability enables the payment router 44 to execute transactions in real time.
  • the financial banking switch 19 includes a transaction manager (not shown) which is responsible for authorisation of the issuance of an electronic negotiable instrument and reservation of the buyer's funds at the issuing bank, transaction settlement, including reconciliation of transactions by the various parties involved in each transaction, transaction integrity management to prevent transactions from becoming lost or duplicated, transaction routing to ensure that transactions following different paths through the financial institution's network end up at correct destinations, and currency conversion to ensure that transactions can be carried out on a foreign currency account.
  • the use of the communications environment 10 to effect a transaction in accordance with the invention will now be described for the case where a buyer (a male person) telephonically contacts a supplier of goods or services or the like, and places a purchase order verbally.
  • the buyer in this case makes the call from the mobile telephone 22 and is registered with the certification authority 36, so that he has a private key and a public key, and a pass-phrase which, on entering into his mobile telephone 22, generates the private key.
  • a sales or administration person at the supplier enters the purchase order manually into the supplier wireless application server 32 which automatically creates a pro forma invoice which is forwarded back to the buyer through the wireless telecommunications environment 12.
  • the pro forma invoice is sent to the buyer in SMS message format and is digitally signed by the supplier.
  • Before sending the pro forma invoice to the buyer, the pro forma invoice is authenticated online and in real time by the certification authority 36.
  • the certification authority 36 thus certifies that the pro forma invoice has originated from the supplier, by authenticating the digital signature (a digitally signed certificate) of the supplier.
  • the pro forma invoice is encrypted with the buyer's public key, which was obtained from the certification authority by the supplier.
  • the supplier submits its own private key to the certification authority.
  • the SMS gateway 28 converts the pro forma invoice from HTTP format to SMPP format and also forwards the pro forma invoice to the application server front-end 26.
  • the application server front-end 26 allocates an identification number to the transaction session and sends the pro forma invoice to the buyer, via the GSM network.
  • the pro forma invoice is still encrypted.
  • the buyer enters his pass-phrase into his mobile telephone 22, whereafter the pro forma invoice is automatically decrypted by the encryption engine on the SIM card present in the mobile telephone 22, by using the private key of the buyer accessed by the entering of the pass-phrase.
  • a message displayed on the screen of the mobile telephone 22 requests the buyer to accept the transaction, i.e. to accept the invoice, by entering his pass-phrase.
  • the pro forma invoice is effectively converted into an electronic negotiable instrument which is returned to the supplier wireless application server 32.
  • This comprises the application server front-end 26 allocating an identification number to the transaction session and sending the electronic negotiable instrument to the SMS gateway 28.
  • the SMS gateway 28 converts the electronic negotiable instrument from SMPP format to HTTP format and forwards the electronic negotiable instrument to the payment gateway 30.
  • the electronic negotiable instrument is validated online and in real time by the certification authority 36.
  • the payment gateway 30 establishes a secure channel (IPsec pipe or channel) to the payment router 44.
  • the payment gateway 30 inserts the electronic negotiable instrument in an encryption applet and generates a unique session key. This session key is encrypted using a public key of the payment gateway 30.
  • the payment gateway 30 then forwards the applet to the payment router 44, as a transaction authorisation request directed at the acquiring bank 18.
  • the payment router 44 inspects the applet, and collects the identity and credentials of the buyer from the credential server 42 and the registrar authority 38, by means of the buyer's public key. On the strength of the buyer's public key, the registrar authority 38 provides the identity of the buyer to the credential server 42.
  • the credential server 42 adds the banking and delivery details of the buyer to the information and forwards it to the payment router 44.
  • the payment router 44 adds the credentials of the buyer to the applet and forwards the request for authorisation to the acquiring bank 18.
  • the acquiring bank 18 receives the electronic negotiable instrument and banking details of the buyer and requests the issuing bank 20, which is the bank holding funds of the buyer, to authorise the amount indicated in the electronic negotiable instrument, in real time, for the buyer's purchase.
  • the issuing bank 20 authorises the amount and reserves the funds until proof of performance by the supplier in accordance with the transaction has been provided and notifies the acquiring bank 18 accordingly.
  • the acquiring bank 18 sends the authorisation on to the payment router 44 which adds the positive transaction authorisation result from the acquiring bank 18 to the applet and returns the applet securely to the payment gateway 30.
  • the payment gateway 30 adds the transaction result, received from the acquiring bank 18, to an auditing report and forwards the data to the supplier wireless application server 32.
  • the wireless application server 32 creates a delivery note, in advance of actual delivery of the goods or services or the like.
  • the negotiable instrument server or generator 40 issues the supplier wireless application server 32 with a digital signature for the delivery note, whereafter the supplier wireless application server 32 requests the buyer's public key from the certification authority 36.
  • the certification authority 36 provides the buyer's public key to the supplier wireless application server 32, which then encrypts the delivery note with the public key of the buyer and forwards the encrypted delivery note to the SMS gateway 28.
  • the SMS gateway 28 converts the delivery note from HTTP format to SMPP format and also forwards the delivery note to the application server front-end 26.
  • the application server front-end 26 allocates an identification number to the transaction session and sends the delivery note to the buyer.
  • When the buyer receives the delivery note on his mobile telephone 22, the delivery note is in encrypted format.
  • the buyer enters his pass-phrase into the mobile telephone 22 and waits for delivery of goods or services purchased.
  • the buyer accepts the goods or services if acceptable. This is accomplished by the buyer again entering his pass-phrase into the mobile telephone 22, thereby signing the delivery note and confirming acceptance of the delivery.
  • the signed delivery note is then returned to the supplier wireless application server 32, encrypted with the buyer's public key.
  • the application server front-end 26 again allocates an identification number to the transaction session and sends the signed delivery note to the supplier wireless application server 32, through the SMS gateway 28.
  • the SMS gateway 28 converts the delivery note from SMPP format to HTTP format and forwards the delivery note to the application server front-end 26.
  • the supplier wireless application server 32 thus receives the signed delivery note.
  • the signed delivery note is validated online and in real time by the certification authority 36, whereafter the payment gateway 30 sends the authenticated signed delivery note to the acquiring bank 18, via the payment router 44 in order for the buyer's reserved funds at the issuing bank 20 to be released.
  • the payment router 44 thus forwards the delivery note to the acquiring bank 18, thereby confirming that the transaction has been completed to the extent that payment is now required.
  • the acquiring bank 18 forwards the delivery note to the issuing bank 20 which then transfers the required amount to the bank account of the supplier, via the financial banking switch 19.
  • the supplier wireless application server 32 archives the delivery note in a database.
  • the supplier wireless application server 32 creates a dispatch note in advance of the physical delivery.
  • the negotiable instrument server or generator 40 issues the supplier wireless application server 32 with a digitally signed certificate for the dispatch note, whereafter the supplier wireless application server 32 requests the public key of the party delivering the goods or services, from the certification authority 36.
  • the supplier wireless application server 32 encrypts the dispatch note with the public key of the delivering party, which is then forwarded to the SMS gateway 30.
  • the SMS gateway 30 converts the dispatch note from HTTP format to SMPP format and also forwards the dispatch note to the application server front-end 26.
  • the application server front-end 26 again allocates an identification number to the transaction session and sends the dispatch note to a GSM device in a delivery vehicle intended to deliver the goods or services.
  • the application server front-end 26 again allocates an identification number to the transaction session and sends the dispatch note also to the supplier wireless application server 32.
  • the driver of the vehicle signs the dispatch note by entering his pass-phrase into the GSM device in the vehicle, thereby confirming that delivery has been completed.
  • the signed dispatch note is transmitted to the supplier wireless application server 32, encrypted with the public key of the delivering party. This involves the SMS gateway 28 converting the signed dispatch note from SMPP format to HTTP format and forwarding the signed dispatch note to the application server front-end 26.
  • the signed dispatch note is validated online and in real time by the certification authority 36, whereafter the supplier wireless application server 32 archives the dispatch note in its database.
  • the display shows that a pro forma invoice has reached the mobile telephone.
  • the pro forma invoice is in the form of a digitally signed electronic document, which is encrypted with the buyer's public key obtained from a certification authority, such as AfriCA, and sent to the telephone as an SMS message.
  • the mobile telephone requests the buyer to enter his pass-phrase, as shown in Figure 3 of the drawings.
  • the pro forma invoice is decrypted with the buyer's private key and shown on the display of the mobile telephone, as shown in Figure 4 of the drawings.
  • the pro forma invoice is automatically saved in the mobile telephone in a directory for electronic source documents. By scrolling downwards, the buyer can also view the digital certificate which accompanied the pro forma invoice, as shown in Figure 5.
  • the buyer calls up an options menu, as shown in Figure 6 of the drawings and then selects to pay the invoice.
  • the mobile telephone prompts the buyer to enter his pass-phrase, as shown in Figure 7 of the drawings.
  • the buyer elects to pay for the goods or services and the mobile telephone automatically converts the pro forma invoice into an electronic negotiable instrument which carries the buyer's signature, in the form of a digital certificate encrypted with the buyer's public key.
  • the signed negotiable instrument is then automatically returned through the wireless telecommunications environment 12 to the supplier wireless application server 32, whereafter the process as hereinbefore described, proceeds.
  • the mobile telephone requests the buyer to wait, as shown in Figure 8 of the drawings.
  • the delivery note is sent to the mobile telephone, in advance of physical delivery of the goods or services, in encrypted format.
  • the buyer is then provided with an opportunity to approve the delivery note, as shown in Figure 9.
  • the delivery note and its accompanying digital certificate are decrypted with the buyer's private key and shown on the display of the mobile telephone, as shown in Figures 11 and 12 of the drawings.
  • the buyer is then prompted to again enter his pass-phrase, as shown in Figure 13 of the drawings.
  • the signed delivery note is returned through the wireless telecommunications environment 12, encrypted with the buyer's public key, eventually to reach the issuing bank 20 to release the reserved funds to the supplier.
  • the mobile telephone then reverts to a display screen (see Figure 14) through which access can be obtained to a menu (not shown) providing purchase options on the mobile telephone.
  • the procedure is thus virtually the same as described hereinbefore in relation to the situation where the buyer places a verbal purchasing order, except that the procedure effectively starts with a pro forma invoice already being present on the mobile telephone and selected by the buyer for converting into a negotiable instrument or payment instruction to a financial institution.
  • the invention also provides the possibility of obtaining a negotiable instrument in electronic format, using the communications environment 10 as hereinbefore described.
  • data messages will flow mostly between the mobile telephone of the person wishing to obtain the negotiable instrument, an issuing bank holding funds of that person, and the certification authority.
  • This procedure also relies on the public key infrastructure managed by the certification authority.
  • the request for the issuance of a negotiable instrument can be generated from a mobile telecommunications device such as a mobile telephone and the issued electronic negotiable instrument can be received by and stored in the mobile telecommunications device.
  • the electronic negotiable instrument can easily be forwarded from the mobile telecommunications device to another device, e.g. another mobile telephone.

Abstract

A method of effecting a transaction includes receiving an electronic negotiable instrument over a communications network (12) from a buyer. The negotiable instrument is authenticated online and in real time by a certification authority (36) as to its origin. The negotiable instrument is then submitted online to a financial institution (20) holding funds of the buyer to obtain confirmation that the buyer has sufficient funds for the transaction available and that the funds are being reserved by the financial institution, after which delivery in accordance with the transaction is performed if the funds are available and reserved, and payment is obtained from the financial institution holding the reserved funds.

Description

ELECTRONIC COMMERCE TRANSACTIONS
THIS INVENTION relates to electronic commerce transactions. In particular, it relates to a method of effecting a transaction, to a method of issuing a negotiable instrument, and to a wireless communications device.
In the conventional non-electronic business environment, parties trading with each other usually accept a transaction by physically signing conventional source documents with a pen. These source documents are typically in the form of a quotation or tender, a pro forma invoice, a purchase order, a negotiable instrument such as a cheque, a payment receipt, a demand letter or a delivery note. These source documents reflect the business intention of the parties and establish their commitment. However, when using such physical source documents, it often takes a long time to reach agreement and effect a transaction. It would thus be desirable to provide a method of effecting a transaction which allows the participants to establish an agreement in a non-repudiatable way without the conventional delays and red tape, thereby ensuring efficient delivery of goods and services and immediate payment therefor.
According to one aspect of the invention, there is provided a method of effecting a transaction, the method including receiving an electronic negotiable instrument over a communications network from a buyer, the negotiable instrument being authenticated online and in real time by a certification authority as to its origin; submitting the negotiable instrument online to a financial institution holding funds of the buyer to obtain confirmation that the buyer has sufficient funds for the transaction available and that the funds are being reserved by the financial institution; performing delivery in accordance with the transaction if the funds are available and reserved; and obtaining payment from the financial institution holding the reserved funds.
In this specification, by "authenticate" is meant that the party or parties or device or devices has/have been identified as to their true identity and that the electronic document in question is current and originates from the party claiming to have sent it in real time.
The method may include, in response to a request from the buyer for the provision of goods or services or the like, sending an invoice over a communications network to the buyer so that the buyer can convert the invoice into an electronic negotiable instrument by approving and returning the invoice. The invoice may be authenticated online and in real time by a certification authority as to its origin.
The invention thus provides a method of purchasing goods and services from a wireless communications device, such as a mobile telephone, in a transaction which is processed in a straight-through way and which is executed and validated in real time.
The invoice is thus delivered and presented to a buyer's handheld or terminal communications device through a wireless communication medium, as a digitally signed certified data message and encrypted with a public key allocated to the buyer by a certification authority managing a private key infrastructure (PKI). The buyer then decrypts the invoice at his own discretion, inspects the contents thereof, accepts it by signing it with an identification code or digital signature or other identification feature, and submitting it online to his bank to allow payment to take place.
Due to communication limitations and restricted processing capabilities of wireless handheld or terminal communication devices, a buyer will typically need to use a micro-encryption key and micro-digital certificate in order to use the method of the invention. Where Internet browsers and servers are being used, commercially available standard encryption keys and digital certificates can be used. As will be appreciated, all parties participating in the transaction should be enrolled, under a Commissioner of Oaths at a recognised certification authority, preferably one that complies with the International X.509 standard.
Performing delivery in accordance with the transaction may include sending a delivery note over a communications network to the buyer to obtain acknowledgment of delivery of the goods or services or the like, the delivery note being authenticated online and in real time by a certification authority as to its origin; delivering to the buyer goods or services or the like in accordance with the transaction; and receiving from the buyer over a communications network an acknowledged delivery note, the acknowledged delivery note being authenticated online and in real time by a certification authority as to its origin.
Obtaining payment from the financial institution holding the reserved funds may include submitting the authenticated acknowledged delivery note over a communications network to the financial institution holding the reserved funds; and receiving the required payment from the financial institution holding the reserved funds.
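The reserve-then-release rule described above, as an added example that is not code from the patent: a minimal issuing-bank model that holds the buyer's funds and pays the supplier only on an acknowledged delivery note whose buyer signature the certification authority validates at that moment. The class and field names, the JSON note layout and the Lamport one-time hash signature are assumptions chosen so that it runs on the Python standard library; the patent does not name a signature algorithm.

```python
import hashlib
import json
import secrets

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def lamport_keygen():
    """One-time key pair: 256 pairs of secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def _bits(message: bytes):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, message: bytes):
    # Reveal one secret per digest bit; a key must never sign two messages.
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]

def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != 256 or not all(isinstance(s, bytes) for s in sig):
        return False
    return all(_h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(message)))

def canonical(note: dict) -> bytes:
    """Deterministic byte encoding so signer and verifier hash the same bytes."""
    return json.dumps(note, sort_keys=True, separators=(",", ":")).encode()

class CertificationAuthority:
    """Online key registry (assumed design): each validation is a live lookup."""
    def __init__(self):
        self._keys = {}

    def enrol(self, party_id, public_key):
        self._keys[party_id] = public_key

    def revoke(self, party_id):
        self._keys.pop(party_id, None)

    def verify(self, party_id, message, sig) -> bool:
        pk = self._keys.get(party_id)
        return pk is not None and lamport_verify(pk, message, sig)

class IssuingBank:
    def __init__(self, ca, balances):
        self.ca = ca
        self.available = dict(balances)  # spendable funds per buyer, in cents
        self.holds = {}                  # txn_id -> (buyer, supplier, amount)
        self.seen = set()                # txn ids ever reserved (duplicate guard)
        self.paid = {}                   # supplier -> total received

    def reserve(self, txn_id, buyer, supplier, amount):
        if txn_id in self.seen:
            return "DUPLICATE"
        if amount <= 0 or self.available.get(buyer, 0) < amount:
            return "DECLINED"
        self.available[buyer] -= amount
        self.holds[txn_id] = (buyer, supplier, amount)
        self.seen.add(txn_id)
        return "RESERVED"

    def release(self, note, sig):
        hold = self.holds.get(note.get("txn_id"))
        if hold is None:
            return "NO_HOLD"
        buyer, supplier, amount = hold
        signed_terms = (note.get("buyer"), note.get("supplier"), note.get("amount"))
        if signed_terms != hold or note.get("accepted") is not True:
            return "MISMATCH"
        if not self.ca.verify(buyer, canonical(note), sig):
            return "BAD_SIGNATURE"
        del self.holds[note["txn_id"]]
        self.paid[supplier] = self.paid.get(supplier, 0) + amount
        return "PAID"

def demo():
    """Constructed scenario; all identifiers and amounts are made up."""
    ca = CertificationAuthority()
    sk, pk = lamport_keygen()
    ca.enrol("buyer-001", pk)
    bank = IssuingBank(ca, {"buyer-001": 50_000})
    out = {"reserve": bank.reserve("txn-1", "buyer-001", "supplier-A", 12_500)}
    # Reserved funds are no longer spendable: 37,500 left cannot cover 40,000.
    out["overdraw"] = bank.reserve("txn-2", "buyer-001", "supplier-B", 40_000)
    note = {"txn_id": "txn-1", "buyer": "buyer-001", "supplier": "supplier-A",
            "amount": 12_500, "accepted": True}
    sig = lamport_sign(sk, canonical(note))
    out["forged"] = bank.release(note, [secrets.token_bytes(32)] * 256)
    out["redirected"] = bank.release(dict(note, supplier="supplier-B"), sig)
    out["valid"] = bank.release(note, sig)
    out["replay"] = bank.release(note, sig)
    out["supplier_A_paid"] = bank.paid.get("supplier-A", 0)
    return out

if __name__ == "__main__":
    print(demo())
```

Because the payee and amount are taken from the hold and compared with the signed note, a note that was altered in transit or replayed after settlement cannot move the reserved funds.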
The invoice may be sent in response to a request for goods or services or the like submitted in electronic digital format from a mobile telephone, the electronic request being encrypted with a public key of the buyer. Instead, the invoice may be submitted in response to a request for goods or services or the like submitted verbally or in writing.
A transaction in accordance with the invention may thus be initiated by a buyer placing an order in a conventional manner, for example by phoning in a verbal order, by sending a letter, fax or e-mail, or the like. A transaction may also be initiated by the buyer selecting an item (goods or services) available for selection on the buyer's wireless telecommunications device. These goods or services will typically be listed in menu format and by selecting one of the listed items, the transaction is automatically initiated.
The authenticated invoice may be sent in digital SMS message format over a wireless telecommunications network to the buyer. The authenticated invoice, and other data sent over a wireless telecommunications network may however be in the form of Subscriber Identity Module Browser Data messages or SS7 Protocol (Unstructured Supplementary Services Data) messages or other WAP or non-WAP messages.
Preferably, the authenticated invoice is sent to the buyer encrypted with a public key of the buyer.
Approving the invoice may include entering a pass-phrase or other identification feature into a communications device, thereby to obtain a public key of the buyer from the certification authority, the electronic negotiable instrument thus being encrypted with the public key of the buyer.
The term "pass-phrase" includes concepts such as a biometric template, user name password, challenge and response system, token, smartcard or microchip device or other physical key device.
The telecommunications network over which the electronic negotiable instrument is received from the buyer typically includes a wireless telecommunications network.
Obtaining confirmation from a financial institution holding funds of the buyer that sufficient funds for the transaction are being reserved by the financial institution, may include providing the financial institution holding funds of the buyer with a transaction amount and the identity of the buyer. The identity of the buyer may be established from the certification authority by using a public key of the buyer.
The transaction amount and the identity of the buyer may be submitted to an acquiring financial institution acting for a provider of the goods or services or the like to enable the acquiring financial institution to obtain proof from the financial institution holding funds of the buyer that sufficient funds are available and being reserved for the transaction, the provider thus receiving confirmation from the financial institution holding funds of the buyer if sufficient funds are available and reserved, via the acquiring financial institution.
Preferably, the authenticated delivery note is encrypted with a public key of the buyer.
Typically, the communications network over which the authenticated delivery note is sent includes a wireless telecommunications network. The communications network over which the acknowledged delivery note is received from the buyer also typically includes a wireless telecommunications network. The delivery note may be acknowledged by a pass-phrase or other identification feature entered into a communications device, thereby to acknowledge the delivery note and to encrypt the delivery note with a public key of the buyer.
The authenticated acknowledged delivery note may be submitted to an acquiring financial institution acting for a provider of the goods or services or the like, the acquiring financial institution in turn submitting the authenticated acknowledged delivery note to the financial institution holding the reserved funds in order to receive the required payment from the financial institution holding the reserved funds.
Performing delivery in accordance with the transaction may include providing a delivery party, over a communications network, with a dispatch note, the dispatch note being encrypted with a public key of the delivery party and being authenticated online and in real time by a certification authority as to its origin; and receiving the dispatch note over a communications network from the delivery party once delivery has taken place, the dispatch note being encrypted with a public key of the delivery party and authenticated by a certification authority as to its origin.
Typically, the communications network over which the dispatch note is provided and received includes a wireless telecommunications network.
The method of the invention is thus particularly suitable for use in cases where a buyer wishes to make use of a wireless telecommunications device, such as a mobile telephone, to effect a transaction. Messages to and from the mobile telephone will thus be sent using a wireless telecommunications network, such as a GSM network. This will also apply to a delivery party which has the use of a wireless telecommunications device, such as a mobile telephone. Preferably, the certification authority involved in each authentication action is the same certification authority.
According to another aspect of the invention, there is provided a method of issuing a negotiable instrument, the method including receiving a request for the negotiable instrument over a wireless communications network, the request being authenticated by a certification authority as to its origin; obtaining details of the party requesting the negotiable instrument from the certification authority; confirming whether or not the party requesting the negotiable instrument has sufficient funds to cover the negotiable instrument, and, if the party does have sufficient funds; reserving the funds and sending an electronic negotiable instrument in encrypted format to a wireless communications device for storing in the wireless communications device.
The method of issuing a negotiable instrument is of great convenience to a person in possession of a mobile telecommunications device, such as a mobile telephone, provided the person is registered with a certification authority. When the person receives the electronic negotiable instrument or message, the message is in effect an electronic bank guaranteed cheque that can be signed electronically by the person to whom it was issued and then forwarded to a beneficiary as an interacting straight-through processed digitally signed certificate data message.
The received request for the negotiable instrument may be encrypted with the public key of the party requesting the negotiable instrument. Typically, the electronic negotiable instrument being sent to the wireless communications device is encrypted with the public key of the party requesting the negotiable instrument.
Preferably, the certification authority authenticates the electronic negotiable instrument being sent to the wireless communications device as to origin. Even more preferably, the certification authority authenticates the origin of the electronic negotiable instrument online and in real time. The certification authority preferably authenticates the request online and in real time.
The request for the negotiable instrument may be generated from a mobile telecommunications device by selecting menu options provided on the mobile telecommunications device.
The stored electronic negotiable instrument may make provision for entering the name of a beneficiary.
The received request for the negotiable instrument may originate as a digital SMS message.
According to a further aspect of the invention, there is provided a wireless communications device which includes a processor or processing means programmed to provide menu options to a user from which can be selected a request for the issuance of a negotiable instrument in electronic format and/or from which can be selected the option to enter a user identification code or other feature in order to convert an electronic document present on the device into a negotiable instrument in electronic format; an input device or input means with which data can be fed to the processor or processing means; and a transmitter and receiver for transmitting a request for the issuance of a negotiable instrument in electronic format and for receiving a negotiable instrument in electronic format.
The processor or processing means may be programmed to enable transmission of a received negotiable instrument in electronic format to a receiving party over a wireless telecommunications network.
The wireless telecommunications device may include an encryption engine or encryption means to encrypt the request for the issuance of a negotiable instrument in electronic format. The menu options may allow entering of a user identification code or feature or the like to obtain an encryption key to encrypt the request for the issuance of a negotiable instrument in electronic format. Preferably, the wireless telecommunications device includes an encryption engine or encryption means to encrypt the received negotiable instrument prior to the received negotiable instrument being transmitted to a receiving party over a wireless telecommunications network. Thus, typically, as soon as a request is initiated, the wireless communications device requests the user to enter a user identification code or secret pass-phrase. The encryption engine then creates a private encryption key, allocated to the user by a certification authority administering a PKI, in order to transmit the data securely and to identify the user at the certification authority. A public key can then be retrieved from the certification authority. The public key is returned to the wireless communications device and is used to encrypt a negotiable instrument sent to the wireless telecommunications device.
The invention will now be described, by way of example only, with reference to the accompanying drawings in which
Figure 1 shows a schematic diagram of a communications environment within which a transaction in accordance with the method of the invention can be effected; and Figures 2 to 14 show various displays on a mobile telephone being used to effect a transaction in accordance with the method of the invention.
Referring to Figure 1 of the drawings, reference numeral 10 generally indicates a communications environment within which a transaction in accordance with the method of the invention can be effected. The communications environment 10 broadly includes a wireless telecommunications environment 12, a regional information technology (IT) infrastructure 14, a continental IT infrastructure 16 and a bank funds switch 19 servicing an acquiring bank 18 and an issuing bank 20.
Within the wireless telecommunications environment 12, are located a mobile telephone 22 and an SMSC server 24. The wireless telecommunications environment 12 can in principle be any one of a number of conventional wireless telecommunications environments, such as GSM, 3G, CdmaOne, TDMA, PDC Network, X25 Radio, Satellite Data, Digital Satellite Television, and wireless wide, local and municipality area networks. However, in the communications environment 10, the wireless telecommunications environment 12 is a GSM network. The mobile telephone 22, in accordance with the invention, has a Subscriber Identity Module card (SIM card) which includes an encryption engine to encrypt and decrypt SMS messages. The telephone 22 is also programmed to provide a user with the option to request the issuance of a negotiable instrument in an electronic format. Instead of a mobile telephone, a terminal or point of sale device communicating in wireless fashion can also be used. Typically, these devices include a security access module which includes an encryption engine.
The regional IT infrastructure 14 includes an application server front-end 26, an SMS gateway 28, a payment gateway 30, a supplier wireless application server 32, an administration server 34 and a database server 35.
The application server front-end 26 is a GSM device which exchanges a proxy ID ISM between the payment gateway 30 and the mobile telephone 22.
The SMS gateway 28 converts SMPP data messages (short text messages) into HTTP language, to allow the supplier wireless application server 32 to interpret the data messages. SMPP stands for Short Message Peer to Peer protocol. HTTP is the well-known computer handshaking protocol (using TCP) used between a web browser and a web server to transfer hypertext requests.
The payment gateway server 30 includes security software and acts as a secure postman system. It provides several connectors to widely used commerce applications. In other words, the payment gateway server 30 provides back office integration.
The administration server 32 is available to a supplier of goods and services or the like to analyse transactions involving the supplier and to submit transaction modifications via the payment gateway 30, such as manual discounts, order cancellations or reversals, faxed orders, call centre orders, and the like.
Typically, the regional IT infrastructure 14 is configured to provide application level security solutions, such as a set of software services that integrates multiple, disparate hardware and software components and security mechanisms into a robust, easily managed and secure environment where each transaction is secured to the appropriate level, strong authentication, integration, data integrity, digital signing, encryption and load-balancing abilities, extensive logging, audit and automated backup capabilities to facilitate control and management and allows an administrator to define exact parameters for authentication, non-repudiation, integrity, auditability, confidentiality and web access control. The regional IT infrastructure 14 is established using a secure telecommunications vendor and is a secure hosting infrastructure.
A secured area is provided between this hosting infrastructure and the Internet, which forms part of the communications environment 10. The secured area is protected with well implemented, managed and policy-based firewalls. This includes a web relay server (not shown) providing a load-balancing public access point for applications that stamps incoming requests to an internal firewall content filter, and an application level security server (not shown). The web relay server also initiates the establishment of a secure channel (IPsec) between an Internet browser and the application level security server. This in effect removes any direct path between an end user and the hosting infrastructure, thus effectively shielding the hosting infrastructure from hostile access. The secured area typically also employs network intrusion detection systems.
The continental IT infrastructure 16 includes a certification authority 36, a registrar authority 38, a negotiable instrument server or generator 40, a credential server 42, a payment router 44 and a database server 45. The continental IT infrastructure 16 is a secure hosting infrastructure.
The payment router 44 switches transactions in an end-to-end secured fashion between the payment gateway servers 30 of each supplier making use of the communications environment 10 to effect transactions in accordance with the method of the invention. The payment router 44 is parameter driven to communicate with any bank switch, such as the switch 19, in a totally secure manner.
The credential server 42 functions as a depository for banking details and delivery credentials that can only be accessed using a buyer's public key for the purposes of a specific transaction. The certification authority 36 allocates private and public keys to parties wishing to use the communications environment 10 to effect a transaction in accordance with the invention. It thus provides a private key infrastructure (PKI) so that transactions can be validated online and in real time, obviating the use of certificate revocation database lists. The workings and use of a PKI is known to those skilled in the art and will not be described in any detail herein. The certification authority 36 has the ability to provide route certificate roll-over functionalities to protect the investment in the public key infrastructure in the event of a route certificate expiration or compromise. The reason for this is that the micro-browsers inside mobile telecommunications devices are generally not easy to update after manufacture. The certification authority 36 also provides a hybrid certificate signing ability, which contains a subject public key for an encryption system that is different from the one that the certification authority uses to sign the certificate. For the present invention, it is envisaged that a certification authority be used which has proprietary technology which includes a small certificate format to improve processing speed and reduce storage requirements, and an anonymous ID system to protect client identity.
The purpose of the registrar authority 38 is to capture the information or details relating to parties using the communications environment 10 for purposes of effecting a transaction in accordance with the method of the invention. The information is stored at the registrar authority 38 for verification and for the checking of the information provided by the requestors of a digital certificate.
The acquiring bank 18 is the financial institution used by a supplier of goods or services. The acquiring bank 18 is linked at source code level in the electronic payment solution provided by the invention. The issuing bank 20 is the financial institution holding funds of the buyer. As will be appreciated, a single bank can be the acquiring bank as well as the issuing bank in the same transaction. The buyer's bank account or bank accounts is/are linked with the buyer's public key in the credential server 42. The financial banking switch 19 typically resides with the acquiring bank 18 and is integrated into the payment router 44 on a source code level. This ISO8583 compliant capability enables the payment router 44 to execute transactions in real time. The financial banking switch 19 includes a transaction manager (not shown) which is responsible for authorisation of the issuance of an electronic negotiable instrument and reservation of the buyer's funds at the issuing bank, transaction settlement, including reconciliation of transactions by the various parties involved in each transaction, transaction integrity management to prevent transactions from becoming lost or duplicated, transaction routing to ensure that transactions following different paths through the financial institution's network end up at correct destinations, and currency conversion to ensure that transactions can be carried out on a foreign currency account.
The use of the communications environment 10 to effect a transaction in accordance with the invention, will now be described for the case where a buyer (a male person) telephonically contacts a supplier of goods or services or the like, and places a purchase order verbally. The buyer in this case makes the call from the mobile telephone 22 and is registered with the certification authority 36, so that he has a private key and a public key, and a pass-phrase which, on entering into his mobile telephone 22, generates the private key.
A sales or administration person at the supplier enters the purchase order manually into the supplier wireless application server 32 which automatically creates a pro forma invoice which is forwarded back to the buyer through the wireless telecommunications environment 12. The pro forma invoice is sent to the buyer in SMS message format and is digitally signed by the supplier.
Before sending the pro forma invoice to the buyer, the pro forma invoice is authenticated online and in real time by the certification authority 36. The certification authority 36 thus certifies that the pro forma invoice has originated from the supplier, by authenticating the digital signature (a digitally signed certificate) of the supplier.
The pro forma invoice is encrypted with the buyer's public key, which was obtained from the certification authority by the supplier. In order to achieve this, the supplier submits its own private key to the certification authority.
The SMS gateway 28 converts the pro forma invoice from HTTP format to SMPP format and also forwards the pro forma invoice to the application server front-end 26. The application server front-end 26 allocates an identification number to the transaction session and sends the pro forma invoice to the buyer, via the GSM network. When the supplier's pro forma invoice reaches the buyer's mobile telephone 22, the pro forma invoice is still encrypted. In order to read the pro forma invoice, the buyer enters his pass-phrase into his mobile telephone 22, whereafter the pro forma invoice is automatically decrypted by the encryption engine on the SIM card present in the mobile telephone 22, by using the private key of the buyer accessed by the entering of the pass-phrase.
A message displayed on the screen of the mobile telephone 22 requests the buyer to accept the transaction, i.e. to accept the invoice, by entering his pass-phrase. Once the buyer signs the pro forma invoice, which is an electronic source document, by entering his pass-phrase, the pro forma invoice is effectively converted into an electronic negotiable instrument which is returned to the supplier wireless application server 32. This comprises the application server front-end 26 allocating an identification number to the transaction session and sending the electronic negotiable instrument to the SMS gateway 28. The SMS gateway 28 converts the electronic negotiable instrument from SMPP format to HTTP format and forwards the electronic negotiable instrument to the payment gateway 30. At the same time, the electronic negotiable instrument is validated online and in real time by the certification authority 36. The payment gateway 30 establishes a secure channel (IPsec pipe or channel) to the payment router 44. The payment gateway 30 inserts the electronic negotiable instrument in an encryption applet and generates a unique session key. This session key is encrypted using a public key of the payment gateway 30. The payment gateway 30 then forwards the applet to the payment router 44, as a transaction authorisation request directed at the acquiring bank 18.
The payment router 44 inspects the applet, and collects the identity and credentials of the buyer from the credential server 42 and the registrar authority 38, by means of the buyer's public key. On the strength of the buyer's public key, the registrar authority 38 provides the identity of the buyer to the credential server 42. The credential server 42 adds the banking and delivery details of the buyer to the information and forwards it to the payment router 44. The payment router 44 adds the credentials of the buyer to the applet and forwards the request for authorisation to the acquiring bank 18. The acquiring bank 18 receives the electronic negotiable instrument and banking details of the buyer and requests the issuing bank 20, which is the bank holding funds of the buyer, to authorise the amount indicated in the electronic negotiable instrument, in real time, for the buyer's purchase.
If the buyer has sufficient funds available in his account at the issuing bank 20, the issuing bank 20 authorises the amount and reserves the funds until proof of performance by the supplier in accordance with the transaction has been provided and notifies the acquiring bank 18 accordingly. The acquiring bank 18 sends the authorisation on to the payment router 44 which adds the positive transaction authorisation result from the acquiring bank 18 to the applet and returns the applet securely to the payment gateway 30.
The payment gateway 30 adds the transaction result, received from the acquiring bank 18, to an auditing report and forwards the data to the supplier wireless application server 32. The wireless application server 32 creates a delivery note, in advance of actual delivery of the goods or services or the like.
The negotiable instrument server or generator 40 issues the supplier wireless application server 32 with a digital signature for the delivery note, whereafter the supplier wireless application server 32 requests the buyer's public key from the certification authority 36. The certification authority 36 provides the buyer's public key to the supplier wireless application server 32, which then encrypts the delivery note with the public key of the buyer and forwards the encrypted delivery note to the SMS gateway 28.
The SMS gateway 28 converts the delivery note from HTTP format to SMPP format and also forwards the delivery note to the application server front-end 26. The application server front-end 26 allocates an identification number to the transaction session and sends the delivery note to the buyer.
When the buyer receives the delivery note on his mobile telephone 22, the delivery note is in encrypted format. In order to view the delivery note, the buyer enters his pass-phrase into the mobile telephone 22 and waits for delivery of goods or services purchased. When the goods or services are delivered, the buyer accepts the goods or services if acceptable. This is accomplished by the buyer again entering his pass-phrase into the mobile telephone 22, thereby signing the delivery note and confirming acceptance of the delivery. The signed delivery note is then returned to the supplier wireless application server 32, encrypted with the buyer's public key.
The application server front-end 26 again allocates an identification number to the transaction session and sends the signed delivery note to the supplier wireless application server 32, through the SMS gateway 28. The SMS gateway 28 converts the delivery note from SMPP format to HTTP format and forwards the delivery note to the application server front-end 26. The supplier wireless application server 32 thus receives the signed delivery note.
The signed delivery note is validated online and in real time by the certification authority 36, whereafter the payment gateway 30 sends the authenticated signed delivery note to the acquiring bank 18, via the payment router 44, in order for the buyer's reserved funds at the issuing bank 20 to be released.
The payment router 44 thus forwards the delivery note to the acquiring bank 18, thereby confirming that the transaction has been completed to the extent that payment is now required. The acquiring bank 18 forwards the delivery note to the issuing bank 20 which then transfers the required amount to the bank account of the supplier, via the financial banking switch 19.
The supplier wireless application server 32 archives the delivery note in a database.
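The reserve-then-release sequence described above, as an added example that is not part of the patent text: a minimal issuing-bank ledger that reserves funds against a signed negotiable instrument and pays out only on a matching signed delivery note, refusing replays. HMAC-SHA256 stands in for the parties' public-key signatures so that the code needs only the standard library, and all class names, field names, status strings and sample documents are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json


def sign(key: bytes, document: dict) -> str:
    """Sign a canonical JSON encoding of the document (HMAC stand-in)."""
    payload = json.dumps(document, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class CertificationAuthority:
    """Online validator: answers whether `party` signed `document`."""

    def __init__(self):
        self._keys = {}

    def register(self, party: str, key: bytes) -> None:
        self._keys[party] = key

    def validate(self, party, document: dict, signature: str) -> bool:
        key = self._keys.get(party)
        return key is not None and hmac.compare_digest(sign(key, document), signature)


class IssuingBank:
    """Holds buyer funds; reserves on authorisation, pays on proof of delivery."""

    def __init__(self, ca, balances):
        self.ca = ca
        self.available = dict(balances)  # buyer -> spendable cents
        self.reserved = {}               # txn_id -> (buyer, supplier, cents)
        self.settled = set()             # txn_ids already paid out
        self.paid = {}                   # supplier -> cents received

    def authorise(self, instrument: dict, signature: str) -> str:
        if instrument.get("type") != "negotiable_instrument":
            return "WRONG_DOCUMENT"
        buyer, txn = instrument.get("buyer"), instrument.get("txn_id")
        if not self.ca.validate(buyer, instrument, signature):
            return "REJECTED_SIGNATURE"
        if txn in self.reserved or txn in self.settled:
            return "DUPLICATE"  # a replayed instrument must not reserve twice
        amount = instrument.get("amount_cents")
        if not isinstance(amount, int) or amount <= 0:
            return "BAD_AMOUNT"
        if self.available.get(buyer, 0) < amount:
            return "INSUFFICIENT_FUNDS"
        self.available[buyer] -= amount
        self.reserved[txn] = (buyer, instrument.get("supplier"), amount)
        return "RESERVED"

    def release(self, note: dict, signature: str) -> str:
        # The document type is signed too, so a signed instrument cannot be
        # presented as if it were the buyer's acknowledgement of delivery.
        if note.get("type") != "delivery_note":
            return "WRONG_DOCUMENT"
        txn = note.get("txn_id")
        if txn in self.settled:
            return "DUPLICATE"  # a replayed delivery note must not pay twice
        hold = self.reserved.get(txn)
        if hold is None:
            return "NO_RESERVATION"
        buyer, supplier, amount = hold
        # The signer must be the buyer whose funds are held for this txn.
        if not self.ca.validate(buyer, note, signature):
            return "REJECTED_SIGNATURE"
        if (note.get("buyer"), note.get("supplier"), note.get("amount_cents")) != hold:
            return "MISMATCH"
        del self.reserved[txn]
        self.settled.add(txn)
        self.paid[supplier] = self.paid.get(supplier, 0) + amount
        return "PAID"


def demo():
    """Run the flow on constructed sample documents; return statuses and bank."""
    ca = CertificationAuthority()
    buyer_key, other_key = b"constructed-buyer-key", b"constructed-other-key"
    ca.register("buyer-1", buyer_key)
    ca.register("party-2", other_key)
    bank = IssuingBank(ca, {"buyer-1": 10_000})
    common = {"txn_id": "T-0001", "buyer": "buyer-1",
              "supplier": "supplier-9", "amount_cents": 7_500}
    instrument = dict(common, type="negotiable_instrument")
    note = dict(common, type="delivery_note")
    altered = dict(note, amount_cents=9_900)
    results = [
        bank.release(note, sign(buyer_key, note)),              # nothing held yet
        bank.authorise(instrument, sign(buyer_key, instrument)),
        bank.authorise(instrument, sign(buyer_key, instrument)),  # replay
        bank.release(instrument, sign(buyer_key, instrument)),  # wrong type
        bank.release(note, sign(other_key, note)),              # wrong signer
        bank.release(altered, sign(buyer_key, note)),           # altered after signing
        bank.release(altered, sign(buyer_key, altered)),        # signed, wrong amount
        bank.release(note, sign(buyer_key, note)),
        bank.release(note, sign(buyer_key, note)),              # replay
    ]
    return results, bank


if __name__ == "__main__":
    print(demo()[0])
```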
In the case where physical delivery of the goods or services is required, as in the present case, the supplier wireless application server 32 creates a dispatch note in advance of the physical delivery. The negotiable instrument server or generator 40 issues the supplier wireless application server 32 with a digitally signed certificate for the dispatch note, whereafter the supplier wireless application server 32 requests the public key of the party delivering the goods or services, from the certification authority 36. The supplier wireless application server 32 encrypts the dispatch note with the public key of the delivering party, which is then forwarded to the SMS gateway 30.
The SMS gateway 30 converts the dispatch note from HTTP format to SMPP format and also forwards the dispatch note to the application server front-end 26. The application server front-end 26 again allocates an identification number to the transaction session and sends the dispatch note to a GSM device in a delivery vehicle intended to deliver the goods or services. The application server front-end 26 again allocates an identification number to the transaction session and sends the dispatch note also to the supplier wireless application server 32.
When delivery has taken place, the driver of the vehicle signs the dispatch note by entering his pass-phrase into the GSM device in the vehicle, thereby confirming that delivery has been completed. The signed dispatch note is transmitted to the supplier wireless application server 32, encrypted with the public key of the delivering party. This involves the SMS gateway 28 converting the signed dispatch note from SMPP format to HTTP format and forwarding the signed dispatch note to the application server front-end 26.
The signed dispatch note is validated online and in real time by the certification authority 36, whereafter the supplier wireless application server 32 archives the dispatch note in its database.
Referring to Figures 2 to 14 of the drawings, various displays on a mobile telephone being used to effect a transaction in accordance with the method of the invention, are shown.
In Figure 2, the display shows that a pro forma invoice has reached the mobile telephone. The pro forma invoice is in the form of a digitally signed electronic document, which is encrypted with the buyer's public key obtained from a certification authority, such as AfriCA, and sent to the telephone as an SMS message.
If the buyer elects to approve the pro forma invoice, by entering "show" into the mobile telephone, the mobile telephone requests the buyer to enter his pass-phrase, as shown in Figure 3 of the drawings. Once the buyer has entered his pass-phrase, the pro forma invoice is decrypted with the buyer's private key and shown on the display of the mobile telephone, as shown in Figure 4 of the drawings. At the same time, the pro forma invoice is automatically saved in the mobile telephone in a directory for electronic source documents. By scrolling downwards, the buyer can also view the digital certificate which accompanied the pro forma invoice, as shown in Figure 5.
If the buyer is satisfied with the details reflected in the pro forma invoice, the buyer calls up an options menu, as shown in Figure 6 of the drawings, and then selects to pay the invoice. On selecting to pay the invoice, the mobile telephone prompts the buyer to enter his pass-phrase, as shown in Figure 7 of the drawings. By entering his pass-phrase, the buyer elects to pay for the goods or services and the mobile telephone automatically converts the pro forma invoice into an electronic negotiable instrument which carries the buyer's signature, in the form of a digital certificate encrypted with the buyer's public key. The signed negotiable instrument is then automatically returned through the wireless telecommunications environment 12 to the supplier wireless application server 32, whereafter the process as hereinbefore described proceeds. During this time, the mobile telephone requests the buyer to wait, as shown in Figure 8 of the drawings.
Once the acquiring bank 18 has obtained transaction authorisation from the issuing bank 20, the delivery note is sent to the mobile telephone, in advance of physical delivery of the goods or services, in encrypted format. The buyer is then provided with an opportunity to approve the delivery note, as shown in Figure 9.
In order to decrypt the encrypted delivery note, the buyer has to enter his pass-phrase, for which he is prompted when the buyer elects to see the delivery note. This situation is shown in Figure 10 of the drawings.
After the buyer has entered his pass-phrase, the delivery note and its accompanying digital certificate are decrypted with the buyer's private key and shown on the display of the mobile telephone, as shown in Figures 11 and 12 of the drawings. In order to approve the delivery note, the buyer is then prompted to again enter his pass-phrase, as shown in Figure 13 of the drawings. On entering the pass-phrase, the signed delivery note is returned through the wireless telecommunications environment 12, encrypted with the buyer's public key, eventually to reach the issuing bank 20 to release the reserved funds to the supplier. The mobile telephone then reverts to a display screen (see Figure 14) through which access can be obtained to a menu (not shown) providing purchase options on the mobile telephone.
On this menu screen, goods and services already available to a buyer are presented on the buyer's mobile telephone. The buyer selects at his or her own discretion, from the displayed options, a required service or product. Typically, these include options to play a lotto, to take part in sports betting, to take part in number games, or to purchase prepaid mobile telephone airtime or prepaid electricity. The buyer executes the selected transaction by simply following the procedure displayed on the mobile telephone, which uses micro public key infrastructure technology, in the form of interacting straight-through processed, digitally signed certificate data messages as hereinbefore described. The procedure is thus virtually the same as described hereinbefore in relation to the situation where the buyer places a verbal purchasing order, except that the procedure effectively starts with a pro forma invoice already being present on the mobile telephone and selected by the buyer for converting into a negotiable instrument or payment instruction to a financial institution.
The invention also provides the possibility of obtaining a negotiable instrument in electronic format, using the communications environment 10 as hereinbefore described. In such a case, data messages will flow mostly between the mobile telephone of the person wishing to obtain the negotiable instrument, an issuing bank holding funds of that person, and the certification authority. This procedure also relies on the public key infrastructure managed by the certification authority. Advantageously, the request for the issuance of a negotiable instrument can be generated from a mobile telecommunications device such as a mobile telephone and the issued electronic negotiable instrument can be received by and stored in the mobile telecommunications device. As a result, the electronic negotiable instrument can easily be forwarded from the mobile telecommunications device to another device, e.g. another mobile telephone.

Claims

CLAIMS:
1. A method of effecting a transaction, the method including receiving an electronic negotiable instrument over a communications network from a buyer, the negotiable instrument being authenticated online and in real time by a certification authority as to its origin; submitting the negotiable instrument online to a financial institution holding funds of the buyer to obtain confirmation that the buyer has sufficient funds for the transaction available and that the funds are being reserved by the financial institution; performing delivery in accordance with the transaction if the funds are available and reserved; and obtaining payment from the financial institution holding the reserved funds.
2. The method as claimed in claim 1, which, in response to a request from the buyer for the provision of goods or services or the like, includes sending an invoice over a communications network to the buyer so that the buyer can convert the invoice into an electronic negotiable instrument by approving and returning the invoice, the invoice being authenticated online and in real time by a certification authority as to its origin.
3. The method as claimed in claim 1, in which performing delivery in accordance with the transaction includes sending a delivery note over a communications network to the buyer to obtain acknowledgment of delivery of the goods or services or the like, the delivery note being authenticated online and in real time by a certification authority as to its origin; delivering to the buyer goods or services or the like in accordance with the transaction; and receiving from the buyer over a communications network an acknowledged delivery note, the acknowledged delivery note being authenticated online and in real time by a certification authority as to its origin.
4. The method as claimed in claim 3, in which obtaining payment from the financial institution holding the reserved funds includes submitting the authenticated acknowledged delivery note over a communications network to the financial institution holding the reserved funds; and receiving the required payment from the financial institution holding the reserved funds.
5. The method as claimed in claim 2, in which the invoice is sent in response to a request for goods or services or the like submitted in electronic digital format from a mobile telephone, the electronic request being encrypted with a public key of the buyer.
6. The method as claimed in claim 2, in which the invoice is sent in response to a request for goods or services or the like submitted verbally or in writing.
7. The method as claimed in claim 2, in which the authenticated invoice is sent in digital SMS message format over a wireless telecommunications network to the buyer.
8. The method as claimed in claim 2, in which the authenticated invoice is sent to the buyer encrypted with a public key of the buyer.
9. The method as claimed in claim 2, in which approving the invoice includes entering a pass-phrase or other identification feature into a communications device, thereby to obtain a public key of the buyer from the certification authority, the electronic negotiable instrument thus being encrypted with a public key of the buyer.
10. The method as claimed in claim 1, in which the telecommunications network over which the electronic negotiable instrument is received from the buyer includes a wireless telecommunications network.
11. The method as claimed in claim 1, in which obtaining confirmation from a financial institution holding funds of the buyer that sufficient funds for the transaction are being reserved by the financial institution, includes providing the financial institution holding funds of the buyer with a transaction amount and the identity of the buyer, the identity of the buyer being established from the certification authority by using a public key of the buyer.
12. The method as claimed in claim 11, in which the transaction amount and the identity of the buyer are submitted to an acquiring financial institution acting for a provider of the goods or services or the like to enable the acquiring financial institution to obtain proof from the financial institution holding funds of the buyer that sufficient funds are available and being reserved for the transaction, the provider thus receiving confirmation from the financial institution holding funds of the buyer if sufficient funds are available and reserved, via the acquiring financial institution.
13. The method as claimed in claim 3, in which the authenticated delivery note is encrypted with a public key of the buyer.
14. The method as claimed in claim 3, in which the communications network over which the authenticated delivery note is sent includes a wireless telecommunications network.
15. The method as claimed in claim 3, in which the communications network over which the acknowledged delivery note is received from the buyer includes a wireless telecommunications network, the delivery note being acknowledged by a pass-phrase or other identification feature entered in a communications device, thereby to acknowledge the delivery note and to encrypt the delivery note with a public key of the buyer.
16. The method as claimed in claim 4, in which the authenticated acknowledged delivery note is submitted to an acquiring financial institution acting for a provider of the goods or services or the like, the acquiring financial institution in turn submitting the authenticated acknowledged delivery note to the financial institution holding the reserved funds in order to receive the required payment from the financial institution holding the reserved funds.
17. The method as claimed in claim 1, in which performing delivery in accordance with the transaction includes providing a delivery party, over a communications network, with a dispatch note, the dispatch note being encrypted with a public key of the delivery party and being authenticated online and in real time by a certification authority as to its origin; and receiving the dispatch note over a communications network from the delivery party once delivery has taken place, the dispatch note being encrypted with a public key of the delivery party and authenticated by a certification authority as to its origin.
18. The method as claimed in claim 17, in which the communications network over which the dispatch note is provided and received includes a wireless telecommunications network.
19. A method of issuing a negotiable instrument, the method including receiving a request for the negotiable instrument over a wireless communications network, the request being authenticated by a certification authority as to its origin; obtaining details of the party requesting the negotiable instrument from the certification authority; confirming whether or not the party requesting the negotiable instrument has sufficient funds to cover the negotiable instrument, and, if the party does have sufficient funds; reserving the funds and sending an electronic negotiable instrument in encrypted format to a wireless communications device for storing in the wireless communications device.
20. The method as claimed in claim 19, in which the received request for the negotiable instrument is encrypted with a public key of the party requesting the negotiable instrument.
21. The method as claimed in claim 19, in which the electronic negotiable instrument being sent to the wireless communications device is encrypted with a public key of the party requesting the negotiable instrument.
22. The method as claimed in claim 19, in which the certification authority authenticates the electronic negotiable instrument being sent to the wireless communications device as to origin.
23. The method as claimed in claim 22, in which the certification authority authenticates the origin of the electronic negotiable instrument online and in real time.
24. The method as claimed in claim 19, in which the certification authority authenticates the request online and in real time.
25. The method as claimed in claim 19, in which the request for the negotiable instrument is generated from a mobile telecommunications device by selecting menu options provided on the mobile telecommunications device.
26. The method as claimed in claim 19, in which the stored electronic negotiable instrument makes provision for entering the name of a beneficiary.
27. The method as claimed in claim 19, in which the received request for the negotiable instrument originated as a digital SMS message.
28. A wireless communications device which includes a processor or processing means programmed to provide menu options to a user from which can be selected a request for the issuance of a negotiable instrument in electronic format and/or from which can be selected the option to enter a user identification code or feature in order to convert an electronic document present on the device into a negotiable instrument in electronic format; an input device or input means with which data can be fed to the processor or processing means; and a transmitter and receiver for transmitting a request for the issuance of a negotiable instrument in electronic format and for receiving a negotiable instrument in electronic format.
29. The wireless communications device as claimed in claim 28, in which the processor or processing means is programmed to enable transmission of a received negotiable instrument in electronic format to a receiving party over a wireless telecommunications network.
30. The wireless telecommunications device as claimed in claim 28, which includes an encryption engine or encryption means to encrypt the request for the issuance of a negotiable instrument in electronic format, and in which the menu options allow entering of a user identification code or feature to obtain an encryption key to encrypt the request for the issuance of a negotiable instrument in electronic format.
31. The wireless telecommunications device as claimed in claim 29, which includes an encryption engine or encryption means to encrypt the received negotiable instrument prior to the received negotiable instrument being transmitted to a receiving party over a wireless telecommunications network.
32. A method of effecting a transaction as claimed in claim 1, substantially as herein described and illustrated.
33. A method of issuing a negotiable instrument as claimed in claim 19, substantially as herein described and illustrated.
34. A wireless communications device as claimed in claim 28, substantially as herein described and illustrated.
35. A new method of effecting a transaction, a new method of issuing a negotiable instrument, or a new wireless communications device, substantially as herein described.
PCT/IB2003/003873 2002-09-11 2003-09-11 Electronic commerce transactions WO2004025392A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003259449A AU2003259449A1 (en) 2002-09-11 2003-09-11 Electronic commerce transactions

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2002/7297 2002-09-11
ZA200207297 2002-09-11

Publications (2)

Publication Number Publication Date
WO2004025392A2 true WO2004025392A2 (en) 2004-03-25
WO2004025392A3 WO2004025392A3 (en) 2004-06-03

Family

ID=31994751

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2003/003873 WO2004025392A2 (en) 2002-09-11 2003-09-11 Electronic commerce transactions

Country Status (2)

Country Link
AU (1) AU2003259449A1 (en)
WO (1) WO2004025392A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5671279A (en) * 1995-11-13 1997-09-23 Netscape Communications Corporation Electronic commerce using a secure courier system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009011720A1 (en) * 2007-07-13 2009-01-22 Sony Ericsson Mobile Communications Ab Method for performing a transaction for authenticating a customer at the point of sale
US9741024B2 (en) 2013-07-31 2017-08-22 Xero Limited Systems and methods of bank transfer
US11803826B2 (en) 2013-07-31 2023-10-31 Xero Limited Systems and methods of direct account transfer

Also Published As

Publication number Publication date
AU2003259449A1 (en) 2004-04-30
WO2004025392A3 (en) 2004-06-03
AU2003259449A8 (en) 2004-04-30

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP