WO2010140972A1 - A method for secure transactions - Google Patents

Info

Publication number
WO2010140972A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
identity
server
predefined
communication device
Prior art date
Application number
PCT/SE2010/050616
Other languages
French (fr)
Inventor
Stefan Hultberg
Magnus Westling
Original Assignee
Accumulate Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Accumulate Ab
Publication of WO2010140972A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227 Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/355 Personalisation of cards for use
    • G06Q20/3552 Downloading or loading of personalisation data

Definitions

  • a similar method can be used for e.g. Internet bank login, or other kinds of secure login or secure authentication.
  • a predefined identity is utilized also for the first identity part, known by both the first transaction part and the transaction server, such as a social security number, account number or similar.
  • the user of the first transaction part enters the first identity part and the second identity part of this predefined transaction identity at the second transaction part and thereby initiates the login at the second transaction part.
  • the first and second transaction parts are e.g. equipped with electronic communication means, providing the possibility for the first transaction part to enter the first and second identity parts of the predefined transaction identity at the second transaction part without the user needing to perform it manually.
  • the user of the first transaction part also selects a "secure login" section of the user transaction software to connect the portable radio communication device to the transaction server and thereby puts the first transaction part in an active transaction state on the transaction server.
  • After receiving the predefined transaction identity, the second transaction part puts itself in an active transaction state on the transaction server and requests a verification connected to the login from the transaction server, based on the predefined transaction identity.
  • the transaction server checks that the portable radio communication device corresponding to the first identity part of the predefined identity is connected to the transaction server, at least by checking that the first transaction part is in an active transaction state on the transaction server.
  • the transaction server preferably additionally requests a verification connected to the login from the first transaction part, or alternatively checks that the portable radio communication device of the first transaction part is on, which is performed without any active action by the user thereof.
  • the verification in the portable radio communication device is e.g. a PIN.
  • when both transaction parts are in the active state, or after verification when used, the transaction server will send a verification to the second transaction part confirming that the portable radio communication device has been verified, which will allow login of the first transaction part into the second transaction part. In this case no PIN or other password has been transferred via the Internet connection. Further, the PIN has not been transferred between the transaction server and the second transaction part. The second part only receives a confirmation that the identification is verified. Transactions at the second transaction part can hereafter be performed as previously described.
  • Examples of different transaction are e.g. point of sales (POS) transaction, person to person (P2P) transfer, micro payments, person to machine (vending machine) transaction, secure identification, electronic identification, secure authentication, etc.
  • the first identity part of the transaction identity is preferably the first half of the transaction identity, but could alternatively be the second half of the transaction identity; another distribution of the transaction identity is also possible.
  • a mobile phone device 10 is utilized. The method comprises the steps of:
  • the secure transaction 13 between the first transaction part and a second transaction part 11 is initiated by the transaction identity, wherein the transaction identity comprises the first identity part and the second identity part;
  • this further method is similar to the method above.
  • the request is preferably made by means of a SMS sent to the transaction server.
  • Alternative identities to tie to a first identity part of a transaction identity are e.g. SIM data and MSISDN data of the mobile phone device.

Abstract

The present invention relates to a method for a secure transaction utilizing a portable radio communication device (10), wherein both parts in the secure transaction are protected against fraudulent actions, among other things by use of a transaction identity, being divided into a first transaction part and a second transaction part, on a predefined transaction server.

Description

A METHOD FOR SECURE TRANSACTIONS
FIELD OF INVENTION
The present invention relates generally to transactions, and particularly to secure transactions utilizing a portable radio communication device, such as a mobile phone, personal digital assistant, portable computer or similar device.
BACKGROUND
Transactions initiated and performed via e.g. the Internet are common today. Further, with mobile phones or similar devices it is today possible to perform transactions and related actions through data communication via wireless communication. This provides for a very neat way of performing secure transactions, by always having an electronic authentication device at hand, which could be used as a secure wallet/bank solution. However, this also provides for a variety of ways to manipulate the transaction systems in order to defraud one or both of the parts in a transaction.
SUMMARY OF THE INVENTION
An object of the present invention is thus to provide secure transactions for portable radio communication devices.
This object, among others, is according to the present invention attained by methods as defined by the appended claims.
By providing a method for secure transactions wherein both parts in a transaction are connected to a predefined transaction server and independently approve the transaction, wherein a transaction identity is divided into a first identity part and a second identity part, a secure transaction is achieved.
Preferably, the transaction identity is kept unique only during a specific transaction, whereby the necessary amount of transaction identities can be kept very low at the transaction server, being limiting only for handling parallel transactions at the transaction server.
The unique transaction identity is preferably created by the transaction server upon request from the first transaction part, which provides for an assured solution for the first transaction part. Alternatively, the transaction identity is created by the second transaction part, which facilitates the transaction for the first transaction part. Further, for e.g. Internet bank login a predefined transaction identity is preferably used.
The verification is preferably performed by entering a personal identification number (PIN) in the portable radio communication device, which PIN is selected during installation of user transaction software.
Further features and advantages of the present invention will be evident from the following description.
BRIEF DESCRIPTION OF THE DRAWINGS
The present invention will become more fully understood from the detailed description of embodiments given below and the accompanying figures, which are given by way of illustration only, and thus, are not limitative of the present invention, wherein:
Fig. 1 schematically shows communication between transaction parts according to an embodiment of the present invention.
Fig. 2 schematically shows the steps of a method for secure transactions according to an embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS
In the following description, for purpose of explanation and not limitation, specific details are set forth, such as particular techniques and applications in order to provide a thorough understanding of the present invention. However, it will be apparent for a person skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed description of well-known methods and apparatuses are omitted so as not to obscure the description of the present invention with unnecessary details.
An embodiment of the present invention will now be described with reference to Figs. 1 and 2.
In order to secure all links of a transaction, the first step is to install 1 a user transaction software in a portable communication device 10 of a first transaction part in a secure way, wherein a user is identified in a secure way and tied to the installation. One secure way is to install the user transaction software in the portable radio communication device of the first transaction part at e.g. a bank office or other known part, or to hand over a memory card or similar device having an installation program for the first transaction part thereon. The identity of the owner of the portable radio communication device is checked in connection with the installation or delivery of the user transaction software. Instead of checking the identity directly at a bank office or other known part, e.g. a registered letter sent to the intended user can be used to verify the identity of the intended user. Finally the user transaction software is connected to an account at the bank or other part, such as a credit card account, a user account, an electronic wallet, etc. Another secure way to install the user transaction software is to install it in the portable radio communication device of the first transaction part from e.g. an authenticated Internet bank office or similar part, through a secure connection, e.g. an https connection. The identity of the owner of the portable radio communication device is checked in connection with the installation through e.g. a PIN. Finally the user transaction software is connected to an account at the bank or other part, such as a credit card account, a user account, an electronic wallet, etc.
The user transaction software is arranged to communicate with a predefined transaction server 12 when secure transactions are performed. Information of which account a user transaction software is connected to can be predefined directly at the transaction server or be accessed by the transaction server from the first transaction part whenever a transaction is to take place. Account balance and similar checks are preferably performed prior to any finalization of a transaction.
When a secure Internet installation is utilized, a mobile phone number is preferably given to the distribution site, which in response thereto sends a text message, such as an SMS, with a download URL to that mobile phone number, i.e. a so-called over the air installation (OTA installation). By following that link in the mobile phone the user transaction software is installed in the mobile phone. To first start the application run by the user transaction software, an activation code given by the distribution site is entered. Further, a PIN is also required to be entered to run the application.
When a transaction 13 is to take place, wherein the second transaction part e.g. is Internet based, such as an authenticated merchant secure Internet site 11 or a secure login, the transaction comprises the following steps. The user of the portable radio communication device, i.e. the first transaction part, selects a "transaction" section of the user transaction software to connect the first transaction part to the transaction server. The first transaction part 10 preferably activates itself, through an encoded/encrypted wireless communication, on the transaction server 12, which transaction server 12 thereby puts the first transaction part 10 in an active transaction state on the transaction server 12.
The first transaction part 10 preferably stays in the active transaction state on the transaction server 12 until the first transaction part 10 requests a non-active transaction state. Alternatively, the first transaction part 10 will be put into a non-active transaction state by the transaction server 12 after a time-out. Further, the transaction server 12 could also put the first transaction part 10 in a non-active state after finalization of a transaction. Waiting for a request before putting the first transaction part into a non-active state has the advantage that the user can perform several consecutive transactions without having to reselect the "transaction" section of the user transaction software. This is however preferably combined with a time-out, which covers the case where the user forgets to put the portable radio communication device in a non-active transaction state, which would be risky if another person gets hold of the portable radio communication device. From a security perspective it would be advantageous to put the first transaction part in a non-active transaction state also after a transaction has been completed.
The first transaction part thereafter initiates the transaction by requesting 2, preferably through an encoded/encrypted wireless communication, a first identity part of a transaction identity from the transaction server. The wireless communication can e.g. be performed through GPRS, 3G data, Wi-Fi or WiMAX, all of which could have some kind of built-in identity verification, and even infrared or Bluetooth, which however are anonymous and could require some added identity verification. The transaction server responds by sending 14 a first identity part of the transaction identity to the first transaction part, which first identity part of the transaction identity is unique during the whole transaction but is preferably reusable after finalization of the transaction, advantageously directly after finalization of the transaction, i.e. when the transaction receipt has been sent.
By use of a divided transaction identity it is possible to send a first identity part without encryption, since when the first transaction part adds a second identity part to the transaction identity, the transaction identity becomes secure even if someone gets hold of the first identity part. The second identity part is predefined and known by the first transaction part and the predefined transaction server.
The first transaction part enters 3 the returned first identity part of the transaction identity together with the predefined second identity part at the merchant secure Internet site 11, i.e. the second transaction part 11. The second transaction part 11 activates itself on the transaction server 12, which transaction server 12 thereby puts the second transaction part 11 in an active transaction state on the transaction server 12. The second transaction part thereafter sends 4, 15 information of the transaction connected to the transaction identity to the transaction server 12, preferably encrypted. The activation and the following information of the transaction could also be performed in one action, such that the sending of information of the transaction to the transaction server also puts the second transaction part in an active transaction state on the transaction server. Transaction information from the second transaction part that is sent with a transaction can vary, but typically includes the name of the second transaction part and the transaction amount, and possibly also the product name, at a purchase. The name of the second transaction part could alternatively be extracted from the login of the second transaction part to the system instead of being sent together with the transaction, to ensure that such information is not distorted. This is usually performed via a landline, but could also be performed via wireless communication. The second transaction part has previously registered an account at the transaction server, in a way similarly performed for the first transaction part. Account information or similar information of the first transaction part is not necessary to give to the second transaction part and vice versa, since such information is known by the transaction server, and such information should thus not be given to the second transaction part and vice versa.
The transaction server 12 identifies the first transaction part by the first identity part of the unique transaction identity sent by the second transaction part and verifies that the second identity part sent by the second transaction part is the same as the predefined second identity part of the first transaction part. The transaction server preferably requests 5, through an encoded/encrypted wireless communication, a verification by the first transaction part of the transaction information connected to the transaction identity. The user transaction software requests 6 e.g. a PIN as verification of the transaction information, such as name of the second transaction part and transaction amount. The verification is returned, through an encoded/encrypted wireless communication, to the transaction server connected to the transaction identity.
Alternatively, when the first transaction part requests a first identity part from the transaction server, the first transaction part also provides the transaction server with a maximum transaction amount. When the second transaction part requests a verification of the transaction from the transaction server, the transaction server verifies the transaction without the request 5 as long as the transaction does not exceed the maximum transaction amount already approved.
After verification from the first transaction part the transaction server finalizes 7 the transaction connected to the unique transaction identity and preferably sends a transaction receipt to both the first transaction part, through an encoded/encrypted wireless communication, and the second transaction part. The transaction is only finalized provided that the accounts of both the first transaction part and the second transaction part accept the transaction.
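The server-side checks described above, as an added sketch that is not code from the patent or the applicant: the server issues the first identity part, matches the predefined second identity part, skips the user verification under a pre-approved maximum amount, and finalizes only when both parts are in the active transaction state. The class and method names, the six-digit first part, the in-memory state and the constant-time comparison are assumptions; account acceptance, receipts and transport encryption are left out.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

FIRST_LEN = 6  # assumed length of the server-issued first identity part


@dataclass
class Pending:
    user: str
    max_amount: int = 0           # 0: every transaction needs user verification
    info: Optional[dict] = None   # set once the merchant has sent transaction info


class TransactionServer:
    """In-memory model of the predefined transaction server (hypothetical API)."""

    def __init__(self):
        self.second_parts = {}  # user -> predefined second identity part
        self.active = set()     # parties in the active transaction state
        self.pending = {}       # first identity part -> Pending

    def register_user(self, user, second_part):
        self.second_parts[user] = second_part

    def activate(self, party):
        self.active.add(party)

    def request_first_part(self, user, max_amount=0):
        """Issue a first identity part; on its own it does not authorise anything."""
        if user not in self.second_parts:
            raise KeyError("unknown user")
        self.activate(user)
        while True:
            first = f"{secrets.randbelow(10 ** FIRST_LEN):0{FIRST_LEN}d}"
            if first not in self.pending:
                break
        self.pending[first] = Pending(user, max_amount)
        return first

    def submit(self, merchant, transaction_id, amount):
        """Merchant sends the full identity plus transaction info."""
        first, second = transaction_id[:FIRST_LEN], transaction_id[FIRST_LEN:]
        p = self.pending.get(first)
        if p is None:
            return "rejected"
        expected = self.second_parts[p.user]
        # Constant-time comparison of the predefined second identity part.
        if not hmac.compare_digest(second.encode(), expected.encode()):
            return "rejected"
        p.info = {"merchant": merchant, "amount": amount}
        if 0 < amount <= p.max_amount:   # pre-approved ceiling: no request to the user
            return self._finalize(first)
        return "needs_verification"

    def verify(self, user, first, approved):
        """User's verification (e.g. PIN accepted on the device) reaches the server."""
        p = self.pending.get(first)
        if p is None or p.user != user or p.info is None or not approved:
            return "rejected"
        return self._finalize(first)

    def _finalize(self, first):
        p = self.pending[first]
        # Both parts must be in the active transaction state.
        if p.user not in self.active or p.info["merchant"] not in self.active:
            return "rejected"
        del self.pending[first]      # the first part may now be reused
        return "finalized"
```

In this model a merchant that never activated itself gets "rejected" even with a correct identity and an amount under the ceiling, which is the property the active-state check is meant to provide.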
The transaction has been described with a portable radio communication device as the first transaction part and a merchant as the second transaction part. The reverse is however also possible wherein the merchant requests a unique transaction identity of the transaction server, in this case preferably through a land line. A first identity part of the unique transaction identity, divided into a first identity part and a second identity part, is then communicated to the portable radio communication device from the merchant. The user of the portable radio communication device adds the second predefined identity part to the first identity part and provides the merchant with the concatenated transaction identity. However, information of the transaction connected to the unique transaction identity is again sent from the merchant to the predefined transaction server, which, by wireless communication, sends the information of the transaction connected to the unique transaction identity to the portable radio communication device. The transaction connected to the unique transaction identity is still verified at the portable radio communication device by a user verification, which verification connected to the unique transaction identity is sent to the transaction server. The transaction connected to the unique transaction identity is thereafter finalized based on the information of the transaction and the unique transaction identity, and a transaction receipt of the finalized transaction is sent from the transaction server to the first and second transaction parts. Also in this reverse procedure both transaction parts have individually put themselves in an active transaction state on the transaction server. Without both transaction parts in the active transaction state the transaction will not be finalized.
A similar method can be used for e.g. Internet bank login, or other kinds of secure login or secure authentication. Instead of requesting a first unique identity part of a transaction identity from the transaction server a predefined identity is utilized also for the first identity part, known by both the first transaction part and the transaction server, such as a social security number, account number or similar. The user of the first transaction part enters the first identity part and the second identity part of this predefined transaction identity at the second transaction part and thereby initiates the login at the second transaction part. Alternatively the first and second transaction parts are e.g. equipped with electronic communication means, providing the possibility for the first transaction part to enter the first and second identity parts of the predefined transaction identity at the second transaction part without the user needing to perform it manually. The user of the first transaction part also selects a "secure login" section of the user transaction software to connect the portable radio communication device to the transaction server and thereby puts the first transaction part in an active transaction state on the transaction server.
After receiving the predefined transaction identity at the second transaction part the second transaction part puts itself in an active transaction state on the transaction server and requests a verification connected to the login from the transaction server, based on the predefined transaction identity. The transaction server checks that the portable radio communication device corresponding to the first identity part of the predefined identity is connected to the transaction server, at least by checking that the first transaction part is in an active transaction state on the transaction server. The transaction server preferably additionally requests a verification connected to the login from the first transaction part, or alternatively checks that the portable radio communication device of the first transaction part is on, which is performed without any active action by the user thereof.
The verification in the portable radio communication device is e.g. a PIN. The transaction server will, when both transaction parts are in the active state, or after verification when used, send a verification to the second transaction part confirming that the portable radio communication device has been verified, which will allow login of the first transaction part into the second transaction part. In this case no PIN or other password has been transferred via the Internet connection. Further, the PIN has not been transferred between the transaction server and the second transaction part. The second part only receives a confirmation that the identification is verified. Transactions at the second transaction part can hereafter be performed as previously described.
Examples of different transactions are e.g. point of sales (POS) transactions, person to person (P2P) transfers, micro payments, person to machine (vending machine) transactions, secure identification, electronic identification, secure authentication, etc.
The first identity part of the transaction identity is preferably the first half of the transaction identity, but could alternatively be the second half of the transaction identity, or another distribution of the transaction identity is possible.
In a further method for a secure transaction a mobile phone device 10 is utilized. The method comprises the steps of:
providing the mobile phone device and a predefined transaction server 12 a first identity part of a transaction identity, wherein the mobile phone device is thereby identified and tied to the phone number of the mobile phone device on the predefined transaction server;
requesting, by the mobile phone number, a second identity part of the transaction identity from the transaction server, wherein the second part is unique for the secure transaction, and at the same time providing the transaction server with a maximum transaction amount;
initiating, by the transaction identity, the secure transaction 13 between the first transaction part and a second transaction part 11, wherein the transaction identity comprises the first identity part and the second identity part;
sending 15 information of the secure transaction connected to the transaction identity from the second transaction part to the predefined transaction server;
identifying the first transaction part and the second transaction part on the transaction server by the transaction identity; and
finalizing the transaction connected to the transaction identity based on the information of the secure transaction and the transaction identity, provided the maximum transaction amount is not exceeded.
In this further method no application is downloaded into the mobile phone device, and only the mobile phone number is used to tie the user of the mobile phone device to the predefined first identity part of the transaction identity. In other aspects this further method is similar to the method above.
The request is preferably made by means of an SMS sent to the transaction server. Alternative identities to tie to a first identity part of a transaction identity are e.g. SIM data and MSISDN data of the mobile phone device.
It will be obvious that the present invention may be varied in a plurality of ways. Such variations are not to be regarded as a departure from the scope of the present invention as defined by the appended claims. All such variations as would be obvious for a person skilled in the art are intended to be included within the scope of the present invention as defined by the appended claims.

Claims

1. A method for a secure transaction utilizing a portable radio communication device (10) comprising the steps of:
- initiating, by wireless encrypted communication, said portable radio communication device on a predefined transaction server (12), which portable radio communication device thereby is put in an active transaction state as a first transaction part on said transaction server, a user transaction software in said portable radio communication device has been installed through an authenticated service provider, wherein a user securely is identified and tied to the installation;
- initiating, by a transaction identity, a transaction (13) between said first transaction part utilizing said user transaction software in said portable radio communication device and a second transaction part (11) utilizing a service provider software, wherein said transaction identity is divided into a first identity part and a second identity part;
- initiating said second transaction part on said predefined transaction server (12), which second transaction part thereby is put in an active transaction state on said transaction server;
- sending (15) information of said transaction connected to said transaction identity from said second transaction part to said predefined transaction server;
- identifying said first transaction part and said second transaction part on said transaction server by said transaction identity and checking that said first transaction part and said second transaction part are in said active transaction state on said transaction server; and
- finalizing said transaction connected to said transaction identity based on said information of said transaction and said transaction identity.
2. The method according to claim 1, comprising the step of:
- sending (14, 15) a transaction receipt of the finalized transaction connected to said transaction identity from said transaction server to said first and second transaction parts.
3. The method according to claim 1 or 2, wherein said first identity part of said transaction identity is created by said transaction server upon request from said first transaction part and sent to said first transaction part, and said second identity part is predefined and known by said transaction server and said first transaction part.
4. The method according to claim 3, wherein said first identity part of said transaction identity is a unique transaction identity and reusable for another transaction after the transaction receipt has been sent.
5. The method according to any of claims 1-4, wherein said first identity part of said transaction identity is sent from said transaction server to said first transaction part over a publicly available media, such as e.g. via SMS.
6. The method as claimed in any of claims 1-5, comprising the steps of:
- sending (14), by wireless communication, said information of said transaction connected to said transaction identity from said predefined transaction server to said first transaction part, wherein the transmission is encrypted;
- verifying said transaction connected to said transaction identity at said first transaction part by a user verification (6); and
- sending (14), by wireless communication, the verification connected to said transaction identity from said first transaction part to said transaction server, wherein the transmission is encrypted.
7. The method according to claim 6, wherein said verification is performed by entering a personal identification number in said portable radio communication device.
8. A method for a secure transaction utilizing a portable radio communication device (10) comprising the following steps:
- installing (1) a user transaction software in said portable radio communication device (10) through an authenticated service provider, wherein a user securely is identified and tied to the installation;
- initiating, by a unique transaction identity, a transaction (13) between a first transaction part utilizing said user transaction software in said portable radio communication device and a second transaction part utilizing a service provider software, wherein said unique transaction identity is divided into a first identity part and a second identity part;
- communicating (14), by wireless communication, said first identity part of said unique transaction identity between said first transaction part and a predefined transaction server (12), wherein said communication is not encrypted;
- sending (15) information of said transaction connected to said unique transaction identity from said second transaction part to said predefined transaction server;
- sending (14), by wireless communication, said information of said transaction connected to said unique transaction identity from said predefined transaction server to said first transaction part, wherein the transmission is encrypted;
- verifying said transaction connected to said unique transaction identity at said first transaction part by a user verification (6);
- sending (14), by wireless communication, the verification connected to said unique transaction identity from said first transaction part to said transaction server, wherein the transmission is encrypted; and
- finalizing said transaction connected to said unique transaction identity based on said information of said transaction and said unique transaction identity.
9. The method according to claim 8, comprising the step of:
- sending (14, 15) a transaction receipt of the finalized transaction connected to said unique transaction identity from said transaction server to said first and second transaction parts, wherein said first transaction part and said second transaction part have been connected to said transaction server during the whole transaction.
10. The method according to claim 8 or 9, wherein said first identity part of said unique transaction identity is reusable for another transaction after the transaction receipt has been sent.
11. The method according to any of claims 8-10, wherein said first identity part of said unique transaction identity is created by said transaction server upon request from said first transaction part.
12. The method according to any of claims 8-10, wherein said second identity part of said transaction identity is predefined and known by said first transaction part and said transaction server.
13. The method according to any of claims 8-12, wherein said verification is performed by entering a personal identification number in said portable radio communication device.
14. A method for a secure transaction utilizing a portable radio communication device (10) comprising the steps of:
- providing said portable radio communication device, by wireless communication, a first identity part of a transaction identity, which first identity part is created by a predefined transaction server (12), wherein a user transaction software in said portable radio communication device has been installed through an authenticated service provider and a user is thereby securely identified and tied to the installation;
- initiating, by said transaction identity, a transaction (13) between said first transaction part utilizing said user transaction software in said portable radio communication device and a second transaction part (11) utilizing a service provider software, wherein said transaction identity comprises said first identity part and a second identity part, which second identity part is predefined and known by said first transaction part and said transaction server;
- initiating said second transaction part on said predefined transaction server (12);
- sending (15) information of said transaction connected to said transaction identity from said second transaction part to said predefined transaction server;
- identifying said first transaction part and said second transaction part on said transaction server by said transaction identity; and
- finalizing said transaction connected to said transaction identity based on said information of said transaction and said transaction identity.
15. The method according to claim 14, comprising the step of:
- sending (14, 15) a transaction receipt of the finalized transaction connected to said transaction identity from said transaction server to said first and second transaction parts.
16. The method according to claim 14 or 15, comprising the step of:
- requesting said first identity part of said predefined transaction server at the same time giving said predefined transaction server a maximum transaction amount, removing the need of verification of said first transaction part for transactions up to that transaction amount.
17. The method according to claim 14 or 15, comprising the step of:
- checking that said first transaction part and said transaction part both are in an active state on said predefined transaction server, before finalizing said transaction.
18. A method for a secure transaction utilizing a mobile phone device (10) comprising the steps of:
- providing said mobile phone device and a predefined transaction server (12) a first identity part of a transaction identity, wherein said mobile phone device is thereby identified and tied to the phone number of said mobile phone device on said predefined transaction server;
- requesting, by said mobile phone number, a second identity part of said transaction identity from said transaction server, wherein said second part is unique for said secure transaction, and at the same time providing said transaction server with a maximum transaction amount;
- initiating, by said transaction identity, said secure transaction (13) between said first transaction part and a second transaction part (11), wherein said transaction identity comprises said first identity part and said second identity part;
- sending (15) information of said secure transaction connected to said transaction identity from said second transaction part to said predefined transaction server;
- identifying said first transaction part and said second transaction part on said transaction server by said transaction identity; and
- finalizing said transaction connected to said transaction identity based on said information of said secure transaction and said transaction identity, provided said maximum transaction amount is not exceeded.
19. The method according to claim 18, wherein said request is made by means of a SMS sent to said transaction server.
PCT/SE2010/050616 2009-06-04 2010-06-04 A method for secure transactions WO2010140972A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0950410-1 2009-06-04
SE0950410A SE533421C2 (en) 2009-06-04 2009-06-04 Method for secure transactions

Publications (1)

Publication Number Publication Date
WO2010140972A1 true WO2010140972A1 (en) 2010-12-09

Family

ID=43243856

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2010/050616 WO2010140972A1 (en) 2009-06-04 2010-06-04 A method for secure transactions

Country Status (2)

Country Link
SE (1) SE533421C2 (en)
WO (1) WO2010140972A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001063375A2 (en) * 2000-02-27 2001-08-30 Adamtech Ltd. Mobile transaction system and method
US6889325B1 (en) * 1999-04-28 2005-05-03 Unicate Bv Transaction method and system for data networks, like internet
US20050187873A1 (en) * 2002-08-08 2005-08-25 Fujitsu Limited Wireless wallet
EP1772832A1 (en) * 2004-07-30 2007-04-11 José Ignacio Bas Bayod Method of making secure payment or collection transactions using programmable mobile telephones
WO2009012731A1 (en) * 2007-07-26 2009-01-29 Direct Pay, S.R.O. Method of effecting payment transaction using a mobile terminal
WO2010032216A1 (en) * 2008-09-19 2010-03-25 Logomotion, S.R.O. The electronic payment application system and payment authorization method

Also Published As

Publication number Publication date
SE0950410A1 (en) 2010-09-21
SE533421C2 (en) 2010-09-21

Similar Documents

Publication Publication Date Title
US11151543B2 (en) Methods for secure transactions
WO2010140970A1 (en) A method for secure transactions
US20120072309A1 (en) method for secure transactions
US20120078752A1 (en) Transaction identified handling system
WO2010140972A1 (en) A method for secure transactions
US20120078800A1 (en) Method for secure transactions
WO2010140955A1 (en) Selection of transaction functions based on user identity

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10783669

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10783669

Country of ref document: EP

Kind code of ref document: A1