WO2014053161A1 - Method of authorizing a financial transaction - Google Patents


Publication number
WO2014053161A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile radio
radio equipment
equipment
financial transaction
service provider
Prior art date
Application number
PCT/EP2012/069367
Other languages
French (fr)
Inventor
Mattia FOGLIACCO
Original Assignee
Iiinnovation S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Iiinnovation S.A.
Priority to PCT/EP2012/069367
Publication of WO2014053161A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224 Transactions dependent on location of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/405 Establishing or using transaction specific rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services

Definitions

  • the invention relates to a method of authorizing a financial transaction.
  • the invention relates to the mobile payment field and in particular to the confirmation or authorization of payment transactions through the mobile radio equipment of the person entitled to charge the relevant account.
  • the 3GPP networks are particularly suitable for providing authorizer authentication and authorization security, thanks to the following features:
  • the subscriber handset (User Equipment in the technical terminology) has a unique identification number called IMEI (International Mobile Equipment Identity) allowing mobile network operators to ban, on their networks, devices declared lost or stolen.
  • IMEI International Mobile Equipment Identity
  • IMSI International Mobile Subscriber Identity
  • MSISDN Mobile Subscriber Integrated Services Digital Network Number
  • EAP Extensible Authentication Protocol
  • EAP-AKA EAP-Authentication and Key Agreement
  • WO 2006/064359 A1 describes a method of preventing the cloning of Subscriber Identity Modules (SIMs) and enhancing protection against cloned SIMs in a cellular radio communication network or in other services making use of SIM-based authentication. Its teaching is based on the generation of two security keys internally within the Subscriber Identity Module. One of the two keys is then exported to an authentication server, so that the two keys can constitute a key pair for asymmetric cryptography.
  • SIMs Subscriber Identity Modules
  • a method of authorizing a financial transaction by means of a radio mobile equipment is provided.
  • a request to a service provider unit is sent from a point of sales unit requesting to charge a financial account for a payment of goods or services.
  • An authorization request or a confirmation request is forwarded from the service provider unit.
  • the location of the mobile radio equipment is determined by comparing the location of the mobile radio equipment with the location of the point of sales unit.
  • the time the mobile radio equipment is used by its subscriber is determined and/or it is determined whether the mobile radio equipment has been continuously camping in the mobile radio network for a minimum camping time.
  • the requested payment transactions are confirmed in dependence on the comparison and/or determination steps.
  • the confirmation step is based on a current cell ID of the mobile radio equipment and the international mobile equipment identity number of the mobile radio equipment.
  • no confirmation on the requested payment transaction is issued if a location of the mobile radio equipment cannot be determined.
  • a confirmation is only used if the comparison between the cell ID of the mobile radio equipment and the cell ID of the point of sales unit does not exclude the likelihood of the financial transaction legitimacy.
  • a confirmation is issued if the time period corresponding to the time the international mobile equipment identification number is issued to the mobile radio equipment is longer than a first threshold.
  • a transaction denial is used if a computed speed ID which the subscriber identity module or the mobile radio equipment should have travelled in some circumstances is higher than a threshold correspondingly determined.
  • the invention also relates to an apparatus adapted to receive from a point of sales unit a request to charge a financial account.
  • the request specifies the identification data of the financial account to charge as well as the amount to charge.
  • the apparatus comprises a memory means for storing the financial account data and the account holder's data (comprising account holder's communication addresses), transmission means for sending request messages and data to a mobile radio network, reception means for receiving messages and data from the mobile radio network, processing means for evaluating the legitimacy of the requested financial transaction on the basis of data that the apparatus requests by the transmission means and receives by the reception means.
  • This data can include a location of the mobile radio equipment and the point of sales unit, the time the mobile radio equipment has been in use by its subscriber and/or the time the mobile radio equipment has been continuously camping in the mobile radio network.
  • the processing means issues a confirmation of said requested financial transaction on the basis of a current cell ID of the mobile radio equipment and an international mobile equipment identity number of the mobile radio equipment.
  • the processing means issues a denial of the requested financial transaction if the location of the mobile radio equipment cannot be determined or if the comparison between the cell ID of the mobile radio equipment and that of the point of sales unit are not compatible with said financial transaction legitimacy.
  • the processing means issues a denial of the requested financial transaction if the time period corresponding to the time the international mobile equipment identification number is associated with the mobile radio equipment is not longer than a first time threshold.
  • the processing unit issues a denial of the requested financial transaction if a computed minimum speed at which the subscriber identity module or the mobile radio equipment should have travelled in some circumstances is higher than a threshold correspondingly determined.
  • the present invention relates to the idea either to obtain the authorization of a financial transaction through the mobile radio equipment of the person entitled to do it (for the sake of brevity, in what follows this person is called accountholder), or to confirm a financial transaction through that mobile radio equipment without involving its holder.
  • the method can be applied when a point of sale unit sends to a service provider unit a request to charge a financial account for the payment of goods or services, while the service provider unit, before carrying out the requested payment transaction, needs an authorization or a simple confirmation of acceptability of the transaction request.
  • a checking procedure makes determinations as to whether: The handset is located in a place that gives good reason for the requested financial transaction, the handset has been in use by the subscriber for more than a minimum possession time, and/or whether the handset has been continuously camping in the mobile radio network for more than a minimum camping time.
  • the payment transaction is confirmed or not, and, if a payment authorization is required, optionally the holder of the mobile radio equipment can authorize it or not.
  • the present invention is described by making reference to the handsets and the cellular networks of the 3GPP (3rd Generation Partnership Project) technologies, which in the third quarter of 2011 topped 5.2 billion connections (90% of the worldwide cellular market) in a world of 7 billion people.
  • 3GPP 3rd Generation Partnership Project
  • This particular reference is not a limitation, but it is just an example used to simplify explanations, as it will be clear to those skilled in the art that the method of the present invention is applicable with other mobile communications systems as well.
  • Fig. 1 shows a schematic representation of an environment according to a first embodiment of the present invention
  • Fig. 2 shows a flow chart representing a second embodiment of the present invention.
  • Fig. 1 shows a schematic representation of an environment according to a first embodiment of the present invention.
  • the environment according to the first embodiment of the present invention comprises a point of sale unit 109, a service provider unit 111, a cellular network 101 and a user equipment or user unit 103.
  • the user equipment or user unit 103 comprises a subscriber identity module SIM 107, that identifies the subscriber of the mobile line, an International Mobile Equipment Identity module IMEI 108, that identifies the mobile equipment, and a radio transceiver module 104.
  • the holder of the user equipment or user unit 103 buys a good at the point of sale unit 109 and pays for it by a credit card, whose services are provided e.g. by the service provider unit 111. It is assumed that the accountholder is the subscriber of the mobile line identified by the subscriber identity module SIM 107, which is inserted in the user equipment 103.
  • the point of sale unit 109 is assumed to be a physical point of sale, where customers have to go to buy goods or services. However, it will be clear to those skilled in the art that this assumption is made for simplifying explanations only, while the method of the present invention can be applied in many other conditions.
  • the point of sale unit 109 gets the relevant credit card details and sends a payment transaction request to the service provider unit 111, through a first connection 110 which can be wired or wireless.
  • the service provider 111 needs to ascertain the legitimacy of the requested payment by checking whether the buyer is actually carrying the user equipment 103 with the SIM 107 (in what follows this case is called "confirmation case"), while in other cases (e.g., if the transaction amount is higher than a given value) the service provider 111 needs a payment authorization from the cellular subscriber associated to the SIM 107 ("authorization case").
  • confirmation case besides other parameters that will be defined below, the method of the present invention needs the cell identifier (Cell_ID) of the cell on which the SIM 107 is currently camped and the IMEI number of the equipment in use.
  • the transaction authorization request is sent to the user equipment 103 by the service provider 111 through the second connection 112, the cellular network 101, and the third connection 102.
  • the user equipment 103 includes: transceiver 104, providing all the functionalities needed to receive information from the cellular network 101, through connection 102; a subscriber identifier module unit SIM 107, which is associated to the accountholder and can be called by the associated MSISDN; and an international mobile equipment unit IMEI 108 having the International Mobile Equipment Identity number identifying the terminal equipment 103.
  • the service provider unit 111 comprises a memory means 111a for storing the financial account data and the account holder's data including account holder's communication addresses.
  • the service provider unit 111 furthermore comprises a transmission means 111b for sending request messages and data to a mobile radio network 101, a reception means 111c for receiving messages and data from said mobile radio network 101 and a processing means 111d for evaluating the legitimacy of the requested financial transaction on the basis of data that the apparatus requests by said transmission means 111b and received by the reception means 111c, which may include a location of the mobile radio equipment and the point of sales unit, the time the mobile radio equipment has been in use by its subscriber and/or the time the mobile radio equipment has been continuously camping in the mobile radio network.
  • the transceiver 104 is able to receive information from the cellular network 101 via the third connection 102.
  • the user equipment 103 has also to be able to camp in the network 101 and interact with the network 101 to establish connections.
  • the IMEI 108 is commonly used by cellular operators not only for stopping stolen phones from accessing a network or for locating a phone through the location of the associated SIM, but also to manage services according to the device capabilities and automatically force data tariffs accordingly (e.g., some operators force a particular data tariff plan if a customer plugs his SIM card into any smartphone).
  • the 3GPP network detects the device IMEI number.
  • the service provider unit 109 can call the accountholder or send him SMSs or other notifications by dialling the MSISDN of the cellular line associated to the SIM 107. However, the service provider unit 109 can also send information and data to the user equipment 103 through the cellular network 101 by other communications means, such as email and instant messages. It will be clear to those skilled in the art that, for the method of the present invention, it does not matter if said authorization request is sent via SMS (Short Message Service), email, data transmission over a regular data connection, etc. It does not matter either how the response to the payment authorization request is returned to the service provider unit 111.
  • SMS Short Message Service
  • the user equipment 103 is camped in the cellular network 101 and establishes, or keeps established, the connection 102.
  • the cellular network 101 authenticates the SIM 107, and gets the IMEI number of user equipment 103.
  • the cellular network gets the cell ID Cell_ID of the current cell where the User Equipment is.
  • the method of the present invention provides a check of the reliability of the identity associated with the user equipment 103 (Fig. 1).
  • Fig. 2 shows the flow chart of a second embodiment of the present invention.
  • the checking procedure runs on the cellular network 101, but it is clear to those skilled in the art that it can be run in the equipment of the service provider unit 111 as well. Accordingly, a suitable exchange of data between the cellular network 101 and the service provider unit 111 has to be provided.
  • the checking procedure can receive other data that will be discussed in what follows.
  • step 203 covers also the case in which no user equipment with SIM 107 is camped in the cellular network 101.
  • the cell identity of the user equipment Cell_IDc is not defined and, to be on the safe side, it is assumed that the legitimate accountholder is not close to the Point of Sale 109.
  • step 203 covers also the case in which the Point of Sale 109 is not covered by any cell of the Cellular Network 101.
  • the user equipment 103 could be at a distance from the point of sale dependent on the size of the cell covering the point of sale (Cell_IDs) itself. If the point of sale is equipped with a femtocell, the maximum distance could be of the order of a few meters, while in the case of a large cell the maximum distance could be of the order of several hundred meters. In a general case, at step 203 it could be feasible to assess the distance of the mobile terminal from the point of sale 109 by some means of the variety of location methods that are well known by those skilled in the art, and determine if such distance is larger than a fixed amount.
  • the point of sales units 109 selling goods of significant value are generally indoor and covered by small cells, while the determination step 203 does not involve a definitive acceptance of a payment authorization (in case Cell_IDc is the same as Cell_IDs, other determinations are made before entitling the holder of user equipment 103 to authorize the transaction), as explained below.
  • the determination step 203 involves a denial of the payment authorization without major drawbacks, therefore the possible uncertainty of the actual distance of the user equipment from the Point of Sale can be accepted.
  • the criterion assumed at step 203 of Fig. 2 appears the best solution, as it is simple and reliable enough. If, otherwise, at step 203 the determination is that the cell identity of the user equipment Cell_IDc is compatible with Cell_IDs, meaning that the accountholder is in proximity to the point of sale unit 109, the procedure continues with step 206.
  • the checking procedure evaluates some "tracing parameters", that could give a clue on what recently happened with the user equipment 103.
  • tracing parameters are: Teic, that is a first time period, i.e. the time elapsed since the association of IMEIc to the SIM under check, and Teen, that is a second time period, i.e. the time for which the User Equipment 103 has been camping in the network without interruptions.
  • the first and second time period Teic and Teen can be computed as the respective differences between the current time instant and the first and second time instant Tic or Ten defined above.
  • the second time period Teen is longer than the second threshold Tsm, it means that the SIM under check has been camping in the network, without interruptions, for a time long enough to exclude that it has been stolen or it is a clone.
  • the accountholder identity is confirmed (step 210) and the procedure ends at step 213.
  • the second time period Teen is not longer than the second threshold Tsm, it means that the SIM under check camped in the network shortly before the request of payment authorization.
  • the identity of the holder of the user equipment is not confirmed (step 211).
  • a message (payment denial) is sent to both the accountholder and the point of sale (step 212) informing that the payment authorization cannot be given through the user equipment because, due to the short time elapsed from the new configuration of the user equipment, that user equipment has not been certified for payment authorizations yet, and the procedure ends at step 213.
  • the first and second thresholds can be prefixed values, or values dependent on the local time, the day of the week, and other conditions, including the cardholder habits. It is in fact possible to consider many parameters derived from tracing data of the cellular line. In particular one can take into account the network cells identities at the time instants at which the SIM under check performed some activity, such as camping in the network, changing location area, placing or receiving calls, sending or receiving SMSs, transmitting data, deregistering, etc. So there are a number of data that can be used to set the first and second thresholds Tern and Tsm appropriately. However, the combination of the criteria utilized in the exemplary procedure depicted in Fig. 2 allows a sufficient reliability even with coarse values for the first and second thresholds Tern and Tsm.
  • the Checking Application can work in the confirmation case as well.
  • the service provider unit 111, instead of sending the transaction authorization request to the user equipment 103, sends a "confirmation request" to the cellular network 101 and the cellular network 101, instead of sending to the User Equipment 103 the transaction authorization request originated by the service provider unit 111, sends to the user equipment 103 a signalling message (e.g. a "paging" message or another suitable message that those skilled in the art can identify or devise) allowing the current Cell_ID to be detected.
  • the cellular network 101 can run the checking procedure and transmit the results to the service provider unit 111.
  • the point of sale unit 109 is a regular physical Point of Sale, therefore "to be sufficiently close to the Point of Sale" means to be within a reasonable range from it, as explained above.
  • the present invention can be embodied with other environments as well.
  • the payment authorization request could include a code to key in the computer keyboard to confirm that the accountholder is in front of said computer.
  • the payment authorization may be sent to the service provider unit through the point of sale itself.
  • the determination as to whether the user equipment 103 is camped on the cell covering the point of sale unit 109 is a sort of double check to confirm that the user equipment is right in front of the point of sale unit 109.
  • the checking procedure depicted in Fig. 2 can conveniently reside in the cellular network 101, as most of the data needed to run it are generated by the cellular network.
  • the service provider unit with the payment authorization request sent to the user equipment 103, requires the mobile network operator to run the checking procedure and provides them with the relevant data (line number to check, location of the Point of Sale or its identity, ). Then the network operator runs the checking procedure and returns the result to the service provider unit.
  • the checking application resides at the service provider unit and the service provider unit sends to the mobile network operator a request of the data needed for running it. In this case a more complex privacy agreement is also needed.
  • the description of the method of the present invention assumes, simply as an illustrative example non limiting the applicability of the method, that the user equipment 103 is camped in a cellular network with the characteristics (SIM card, IMEI) of a 3GPP network, but those skilled in the art can understand that the method of the present invention can be applied also with other types of mobile networks (e.g., CDMA networks).
  • the checking procedure computes the minimum speeds at which the SIM or the mobile radio equipment (103) should have travelled to go from one location to another, and if at least one of those minimum speeds is higher than the respective threshold determined for them, the transaction is denied.

Abstract

This invention discloses a method of authorizing a financial transaction by means of the cellular subscriber's mobile radio equipment, or of confirming the financial transaction without involving the cellular subscriber. The method is based on a checking procedure that can reside either in the Mobile Radio Network or in the equipment of the service provider who has to carry out the financial transaction. The checking procedure determines whether: i) the mobile radio equipment is located in a place that gives good reason for the financial transaction request; ii) the mobile radio equipment has been in use by the subscriber for more than a minimum possession time; and iii) the mobile radio equipment has been continuously camping in the Mobile Radio Network for more than a minimum camping time. The authorization or the confirmation is given according to the result of one of the above determinations or a combination of them.

Description

Method of authorizing a financial transaction
The invention relates to a method of authorizing a financial transaction.
Background
The invention relates to the mobile payment field and in particular to the confirmation or authorization of payment transactions through the mobile radio equipment of the person entitled to charge the relevant account.
Electronic financial transactions are becoming widespread, as they typically take less time to carry out and cost less than conventional ways to transfer money from one bank account to another. However, in many cases the financial transaction requires a confirmation or an explicit authorization, with a secure identification of the authorizer. With conventional financial transactions, authorizations are required in writing, sometimes by a simple signature, sometimes with the support of an official identification, thus increasing the transaction time and cost. As nowadays mobile payments are gaining momentum, there is a need for providing the possibility to confirm or authorise financial transactions on the move, with a suitable authentication of the authorizer. Moreover, security features are needed to thwart possible misuses and frauds perpetrated by cellular devices when the cellular networks are not aware that a cellular device has been stolen or lost.
The most appropriate way is using cellular handsets, as these are always carried by a vast majority of the population in every country.
The 3GPP networks are particularly suitable for providing authorizer authentication and authorization security, thanks to the following features:
The subscriber handset (User Equipment in the technical terminology) has a unique identification number called IMEI (International Mobile Equipment Identity) allowing mobile network operators to ban, on their networks, devices declared lost or stolen. Into each handset, a Subscriber Identity Module (SIM) is inserted; the SIM has a unique identification number called IMSI (International Mobile Subscriber Identity) and links the handset to the subscriber identity.
To each IMSI, or SIM, the network allocates at least a telephone number, called MSISDN (Mobile Subscriber Integrated Services Digital Network Number), that is used to dial the subscriber (the association between IMSI and MSISDN is stored in a network register).
In GSM networks the subscriber authentication is carried out by EAP (Extensible Authentication Protocol), while in 3GPP networks of the third generation the EAP-AKA (EAP-Authentication and Key Agreement) protocol is used. To achieve a high reliability of the authentication provided by the SIM mechanisms, in particular to prevent cloning, many studies have been carried out and many proposals have been discussed.
WO 2006/064359 A1 describes a method of preventing the cloning of Subscriber Identity Modules (SIMs) and enhancing protection against cloned SIMs in a cellular radio communication network or in other services making use of SIM-based authentication. Its teaching is based on the generation of two security keys internally within the Subscriber Identity Module. One of the two keys is then exported to an authentication server, so that the two keys can constitute a key pair for asymmetric cryptography.
Anyhow, the security of 3GPP networks relies on strong authentication and ciphering mechanisms, protecting SIMs and data, while the legitimacy of each User Equipment is guaranteed by a unique IMEI number that is transmitted every time the User Equipment is used.
However, if a user equipment is lost or stolen, the device owner has to inform his mobile network operator to stop the device from accessing networks and being used. This entails some time before the device is banned.
In the event of SIM cloning, as soon as two phones with the same SIM number show up, the network immediately deactivates both of them, but, as long as the legitimate SIM does not try and camp in the network, the unlawful clone can be fraudulently used. Hence there are periods of time during which the regular security mechanisms of the cellular networks cannot prevent misuses and frauds.
It is therefore an object of the invention to overcome the above shortcomings and improve the reliability of the process carried out to authenticate a User Equipment used to confirm or authorize a financial transaction.
Summary of the Invention
This object is solved by a method of authorizing a financial transaction according to claim 1.
Therefore, a method of authorizing a financial transaction by means of a radio mobile equipment is provided. A request to a service provider unit is sent from a point of sales unit requesting to charge a financial account for a payment of goods or services. An authorization request or a confirmation request is forwarded from the service provider unit. The location of the mobile radio equipment is determined by comparing the location of the mobile radio equipment with the location of the point of sales unit. The time the mobile radio equipment is used by its subscriber is determined and/or it is determined whether the mobile radio equipment has been continuously camping in the mobile radio network for a minimum camping time. The requested payment transactions are confirmed in dependence on the comparison and/or determination steps.
According to an aspect of the invention, the confirmation step is based on a current cell ID of the mobile radio equipment and the international mobile equipment identity number of the mobile radio equipment.
According to an aspect of the invention, no confirmation on the requested payment transaction is issued if a location of the mobile radio equipment cannot be determined.
According to a further aspect of the invention, a confirmation is only used if the comparison between the cell ID of the mobile radio equipment and the cell ID of the point of sales unit does not exclude the likelihood of the financial transaction legitimacy.
According to a further aspect of the invention, a confirmation is issued if the time period corresponding to the time the international mobile equipment identification number is issued to the mobile radio equipment is longer than a first threshold.
According to a further aspect of the invention, a transaction denial is used if a computed speed at which the subscriber identity module or the mobile radio equipment should have travelled in some circumstances is higher than a threshold correspondingly determined.
The invention also relates to an apparatus adapted to receive from a point of sales unit a request to charge a financial account. The request specifies the identification data of the financial account to charge as well as the amount to charge. The apparatus comprises a memory means for storing the financial account data and the account holder's data (comprising account holder's communication addresses), transmission means for sending request messages and data to a mobile radio network, reception means for receiving messages and data from the mobile radio network, processing means for evaluating the legitimacy of the requested financial transaction on the basis of data that the apparatus requests by the transmission means and receives by the reception means. This data can include a location of the mobile radio equipment and the point of sales unit, the time the mobile radio equipment has been in use by its subscriber and/or the time the mobile radio equipment has been continuously camping in the mobile radio network.
According to an aspect of the invention, the processing means issues a confirmation of said requested financial transaction on the basis of a current cell ID of the mobile radio equipment and an international mobile equipment identity number of the mobile radio equipment.
According to a further aspect of the invention, the processing means issues a denial of the requested financial transaction if the location of the mobile radio equipment cannot be determined or if the comparison between the cell ID of the mobile radio equipment and that of the point of sales unit are not compatible with said financial transaction legitimacy.
According to an aspect of the invention, the processing means issues a denial of the requested financial transaction if the time period corresponding to the time the international mobile equipment identification number is associated with the mobile radio equipment is not longer than a first time threshold.
According to a further aspect of the invention, the processing unit issues a denial of the requested financial transaction if a computed minimum speed at which the subscriber identity module or the mobile radio equipment should have travelled in some circumstances is higher than a threshold correspondingly determined.
The present invention relates to the idea either to obtain the authorization of a financial transaction through the mobile radio equipment of the person entitled to do it (for the sake of brevity, in what follows this person is called accountholder), or to confirm a financial transaction through that mobile radio equipment without involving its holder.
The method can be applied when a point of sale unit sends to a service provider unit a request to charge a financial account for the payment of goods or services, while the service provider unit, before carrying out the requested payment transaction, needs an authorization or a simple confirmation of acceptability of the transaction request. In those cases, with a number of tracing parameters provided by the relevant cellular network, a checking procedure makes determinations as to whether: The handset is located in a place that gives good reason for the requested financial transaction, the handset has been in use by the subscriber for more than a minimum possession time, and/or whether the handset has been continuously camping in the mobile radio network for more than a minimum camping time.
According to the result of one of the above determinations or a combination of them, the payment transaction is confirmed or not, and, if a payment authorization is required, optionally the holder of the mobile radio equipment can authorize it or not.
The present invention is described by making reference to the handsets and the cellular networks of the 3GPP (3rd Generation Partnership Project) technologies, which in the third quarter of 2011 topped 5.2 billion connections (90% of the worldwide cellular market) in a world of 7 billion people. This particular reference, however, is not a limitation, but it is just an example used to simplify explanations, as it will be clear to those skilled in the art that the method of the present invention is applicable with other mobile communications systems as well.
Brief Description of the Drawings
Fig. 1 shows a schematic representation of an environment according to a first embodiment of the present invention, and
Fig. 2 shows a flow chart representing a second embodiment of the present invention.
Detailed Description of the Invention
Fig. 1 shows a schematic representation of an environment according to a first embodiment of the present invention. The environment according to the first embodiment of the present invention comprises a point of sale unit 109, a service provider unit 111, a cellular network 101 and a user equipment or user unit 103. The user equipment or user unit 103 comprises a subscriber identity module SIM 107, that identifies the subscriber of the mobile line, an International Mobile Equipment Identity module IMEI 108, that identifies the mobile equipment, and a radio transceiver module 104. In Fig. 1, the holder of the user equipment or user unit 103 buys a good at the point of sale unit 109 and pays for it by a credit card, whose services are provided e.g. by the service provider unit 111. It is assumed that the accountholder is the subscriber of the mobile line identified by the subscriber identity module SIM 107, which is inserted in the user equipment 103.
The point of sale unit 109 is assumed to be a physical point of sale, where customers have to go to buy goods or services. However, it will be clear to those skilled in the art that this assumption is made for simplifying explanations only, while the method of the present invention can be applied in many other conditions.
At the buyer's request to pay by a credit card, the point of sale unit 109 gets the relevant credit card details and sends a payment transaction request to the service provider unit 111, through a first connection 110 which can be wired or wireless. Before carrying out that financial transaction, the service provider 111 needs to ascertain the legitimacy of the requested payment by checking whether the buyer is actually carrying the user equipment 103 with the SIM 107 (in what follows this case is called "confirmation case"), while in other cases (e.g., if the transaction amount is higher than a given value) the service provider 111 needs a payment authorization from the cellular subscriber associated to the SIM 107 ("authorization case"). For the confirmation case, besides other parameters that will be defined below, the method of the present invention needs the cell identifier (Cell_id) of the cell on which the SIM 107 is currently camped and the IMEI number of the equipment in use.
In the authorization case there is, in addition, optionally a need to send an authorization request to the cellular subscriber associated to the SIM 107, who is entitled to authorize the transaction, and get his response.
In the authorization case, the transaction authorization request is sent to the user equipment 103 by the service provider 111 through the second connection 112, the cellular network 101, and the third connection 102. The user equipment 103 includes: transceiver 104, providing all the functionalities needed to receive information from the cellular network 101, through connection 102; a subscriber identifier module unit SIM 107, which is associated to the accountholder and can be called by the associated MSISDN; and an international mobile equipment unit IMEI 108 having the International Mobile Equipment Identity number identifying the terminal equipment 103.
The service provider unit 111 comprises a memory means 111a for storing the financial account data and the account holder's data including account holder's communication addresses. The service provider unit 111 furthermore comprises a transmission means 111b for sending request messages and data to a mobile radio network 101, a reception means 111c for receiving messages and data from said mobile radio network 101 and a processing means 111d for evaluating the legitimacy of the requested financial transaction on the basis of data that the apparatus requests by said transmission means 111b and received by the reception means 111c, which may include a location of the mobile radio equipment and the point of sales unit, the time the mobile radio equipment has been in use by its subscriber and/or the time the mobile radio equipment has been continuously camping in the mobile radio network.
The transceiver 104 is able to receive information from the cellular network 101 via the third connection 102. However, to be able to receive information, the user equipment 103 has also to be able to camp in the network 101 and interact with the network 101 to establish connections. The IMEI 108 is commonly used by cellular operators not only for stopping stolen phones from accessing a network or for locating a phone through the location of the associated SIM, but also to manage services according to the device capabilities and automatically force data tariffs accordingly (e.g., some operators force a particular data tariff plan if a customer plugs his SIM card into any smartphone). To allow these functionalities, each time a user equipment connects to a 3GPP network, the 3GPP network detects the device IMEI number.
The service provider unit 109 can call the accountholder or send him SMSs or other notifications by dialling the MSISDN of the cellular line associated to the SIM 107. However, the service provider unit 109 can also send information and data to the user equipment 103 through the cellular network 101 by other communications means, such as email and instant messages. It will be clear to those skilled in the art that, for the method of the present invention, it does not matter if said authorization request is sent via SMS (Short Message Service), email, data transmission over a regular data connection, etc. It does not matter either how the response to the payment authorization request is returned to the service provider unit 111. The user equipment 103 is camped in the cellular network 101 and establishes, or keeps established, the connection 102. This ensures that the cellular network 101 authenticates the SIM 107, and gets the IMEI number of user equipment 103. Moreover, with the establishment of a connection to transmit voice or data to a user equipment, the cellular network gets the cell ID Cell_id of the current cell where the User Equipment is. With the current cell ID Cell_id and IMEI, besides other parameters that the cellular network 101 could have got from tracing activities, the method of the present invention provides a check of the reliability of the identity associated with the user equipment 103 (Fig. 1).
Fig. 2 shows the flow chart of a second embodiment of the present invention. For the sake of simplicity it is assumed that the checking procedure runs on the cellular network 101, but it is clear to those skilled in the art that it can be run in the equipment of the service provider unit 111 as well. Accordingly, a suitable exchange of data between the cellular network 101 and the service provider unit 111 has to be provided.
The procedure of Fig. 2, after the starting step 201, at step 202 receives a number of data, including: Cell_IDc (cell identity of the cell on which the user equipment 103 (Fig. 1) is currently camped); Cell_IDs (cell identity of the cell covering the point of sale 109); IMEIc (IMEI number of the User Equipment 103 that is currently associated with the IMSI under check (that is, the SIM 107 IMSI in Fig. 1)); Ten (a first time instant at which the user equipment 103 camped in the network); Tic (a second time instant at which the user equipment 103 was associated to the IMSI under check). In addition to the above parameters list, the checking procedure can receive other data that will be discussed in what follows.
At step 203, a determination is made as to whether the cell identity of the user equipment Cell_IDc is "compatible" with that of the point of sales Cell_IDs, where "compatible" means "the same" or "overlapping" or, in general, not excluding the possibility that the holder of the mobile radio equipment 103 could have to pay the point of sale 109 for some good or service. If Cell_IDc is not compatible with Cell_IDs, it is assumed that the legitimate holder of the mobile radio equipment 103 is not sufficiently close to the point of sale 109 to give reason for the payment transaction, therefore the payment transaction is denied (step 204). Then a message can be sent to both the accountholder and the point of sale (step 205), to inform them of the denial and its cause, and the procedure ends at step 213.
For the sake of simplicity, it is assumed that step 203 covers also the case in which no user equipment with SIM 107 is camped in the cellular network 101. In this case, in fact, the cell identity of the user equipment Cell_IDc is not defined and, to be on the safe side, it is assumed that the legitimate accountholder is not close to the Point of Sale 109. Similarly it is assumed that step 203 covers also the case in which the Point of Sale 109 is not covered by any cell of the Cellular Network 101.
If the cell identity of the user equipment Cell_IDc is compatible with that of the point of sales Cell_IDs, the user equipment 103 could be at a distance from the point of sale dependent on the size of the cell covering the point of sale (Cell_IDs) itself. If the point of sale is equipped with a femtocell, the maximum distance could be of the order of a few meters, while in the case of a large cell the maximum distance could be of the order of several hundred meters. In a general case, at step 203 it could be feasible to assess the distance of the mobile terminal from the point of sale 109 by means of one of the variety of location methods that are well known by those skilled in the art, and determine if such distance is larger than a fixed amount. However, point of sale units 109 selling goods of significant value are generally indoors and covered by small cells, while the determination step 203 does not involve a definitive acceptance of a payment authorization (in case Cell_IDc is the same as Cell_IDs, other determinations are made before entitling the holder of user equipment 103 to authorize the transaction), as explained below. On the other hand, if Cell_IDc is not compatible with Cell_IDs, the determination step 203 involves a denial of the payment authorization without major drawbacks, therefore the possible uncertainty of the actual distance of the user equipment from the Point of Sale can be accepted. Thus the criterion assumed at step 203 of Fig. 2 appears the best solution, as it is simple and reliable enough. If, otherwise, at step 203 the determination is that the cell identity of the user equipment Cell_IDc is compatible with Cell_IDs, meaning that the accountholder is in proximity to the point of sale unit 109, the procedure continues with step 206.
At step 206 the checking procedure evaluates some "tracing parameters" that could give a clue about what recently happened with the user equipment 103. Examples of said tracing parameters are: Teic, that is a first time period, i.e. the time elapsed since the association of IMEIc to the SIM under check, and Teen, that is a second time period, i.e. the time for which the User Equipment 103 has been camping in the network without interruptions.
The first and second time period Teic and Teen can be computed as the respective differences between the current time instant and the first and second time instant Tic or Ten defined above.
At step 207 (Fig. 2), a determination is made as to whether the first time period Teic is longer than a first threshold Tem, that is, as to whether the current association between the SIM under check and IMEIc has been in place for more than the first threshold Tem. If the first time period Teic is longer than the first threshold Tem, it is assumed that no cloning happened and the accountholder identity is confirmed (step 208).
If the first time period Teic is not longer than the first threshold Tem, it means that the holder of the mobile device (user equipment) has moved the SIM under check into a new user equipment shortly before the request of payment authorization, therefore one may have a suspicion that the SIM under check is a clone. In this case the procedure continues with step 209, where a determination is made as to whether the second time period Teen is longer than the second threshold Tsm.
If the second time period Teen is longer than the second threshold Tsm, it means that the SIM under check has been camping in the network, without interruptions, for a time long enough to exclude that it has been stolen or it is a clone. In this case the accountholder identity is confirmed (step 210) and the procedure ends at step 213.
Otherwise, if the second time period Teen is not longer than the second threshold Tsm, it means that the SIM under check camped in the network shortly before the request of payment authorization. Considering that at this point (step 209) the association between the SIM under check and IMEIc is also considered to have occurred shortly before the request of payment authorization, the identity of the holder of the user equipment is not confirmed (step 211). Then, a message (payment denial) is sent to both the accountholder and the point of sale (step 212) informing that the payment authorization cannot be given through the user equipment because, due to the short time elapsed from the new configuration of the user equipment, that user equipment has not been certified for payment authorizations yet, and the procedure ends at step 213.
The first and second thresholds (Tem and Tsm) can be prefixed values, or values dependent on the local time, the day of the week, and other conditions, including the cardholder habits. It is in fact possible to consider many parameters derived from tracing data of the cellular line. In particular one can take into account the network cells identities at the time instants at which the SIM under check performed some activity, such as camping in the network, changing location area, placing or receiving calls, sending or receiving SMSs, transmitting data, deregistering, etc. So there are a number of data that can be used to set the first and second thresholds Tem and Tsm appropriately. However, the combination of the criteria utilized in the exemplary procedure depicted in Fig. 2 allows a sufficient reliability even with coarse values for the first and second thresholds Tem and Tsm.
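The checking procedure of Fig. 2 (steps 203 to 211), written out as an added Python example; it is not code from the patent or its applicant. The field names, the overlap map used to decide cell "compatibility", and the sample threshold values are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Dict, FrozenSet, Optional, Tuple


class Decision(Enum):
    CONFIRMED = "accountholder identity confirmed"
    DENIED_LOCATION = "denied: handset not located near the point of sale"
    DENIED_NOT_CERTIFIED = "denied: handset not yet certified for payments"


@dataclass(frozen=True)
class TraceData:
    """Data received at step 202 (field names are this example's own)."""
    cell_id_c: Optional[str]    # cell the handset is camped on; None if not camped
    cell_id_s: Optional[str]    # cell covering the point of sale; None if uncovered
    imei_c: str                 # IMEI currently bound to the IMSI (audit record only)
    camped_since: datetime      # the page's first time instant "Ten"
    imei_bound_since: datetime  # the page's second time instant "Tic"


@dataclass(frozen=True)
class Thresholds:
    tem: timedelta  # first threshold: minimum age of the SIM/IMEI association
    tsm: timedelta  # second threshold: minimum uninterrupted camping time


def cells_compatible(cell_c: Optional[str], cell_s: Optional[str],
                     overlaps: Dict[str, FrozenSet[str]]) -> bool:
    """Step 203: 'the same' or 'overlapping'. An undefined cell is never compatible."""
    if cell_c is None or cell_s is None:
        return False
    if cell_c == cell_s:
        return True
    # The overlap relation is symmetric, so look it up in both directions.
    return (cell_s in overlaps.get(cell_c, frozenset())
            or cell_c in overlaps.get(cell_s, frozenset()))


def check_transaction(trace: TraceData, now: datetime, thresholds: Thresholds,
                      overlaps: Dict[str, FrozenSet[str]]) -> Tuple[Decision, int]:
    """Return the decision and the flow-chart step at which it was reached."""
    if not cells_compatible(trace.cell_id_c, trace.cell_id_s, overlaps):
        return Decision.DENIED_LOCATION, 204

    # Step 206: elapsed periods. A timestamp in the future (clock skew) gives a
    # negative period, which is never longer than a threshold, so it fails safe.
    teic = now - trace.imei_bound_since
    teen = now - trace.camped_since

    if teic > thresholds.tem:       # step 207: strictly "longer than"
        return Decision.CONFIRMED, 208
    if teen > thresholds.tsm:       # step 209
        return Decision.CONFIRMED, 210
    return Decision.DENIED_NOT_CERTIFIED, 211


# Constructed sample data (not from the patent).
NOW = datetime(2012, 10, 1, 12, 0, 0)
THRESHOLDS = Thresholds(tem=timedelta(days=7), tsm=timedelta(hours=12))
OVERLAPS = {"cell-A": frozenset({"cell-B"})}
IMEI = "IMEI-PLACEHOLDER"

SAMPLES = {
    "long_held": TraceData("cell-A", "cell-A", IMEI,
                           NOW - timedelta(hours=3), NOW - timedelta(days=90)),
    "new_phone_settled": TraceData("cell-B", "cell-A", IMEI,
                                   NOW - timedelta(days=1), NOW - timedelta(days=2)),
    "fresh_swap": TraceData("cell-A", "cell-A", IMEI,
                            NOW - timedelta(minutes=10), NOW - timedelta(minutes=10)),
    "exactly_at_threshold": TraceData("cell-A", "cell-A", IMEI,
                                      NOW - timedelta(minutes=10), NOW - timedelta(days=7)),
    "far_away": TraceData("cell-Z", "cell-A", IMEI,
                          NOW - timedelta(days=30), NOW - timedelta(days=90)),
    "not_camped": TraceData(None, "cell-A", IMEI,
                            NOW - timedelta(days=30), NOW - timedelta(days=90)),
}


def run_samples() -> Dict[str, Tuple[Decision, int]]:
    return {name: check_transaction(t, NOW, THRESHOLDS, OVERLAPS)
            for name, t in SAMPLES.items()}


if __name__ == "__main__":
    for name, (decision, step) in run_samples().items():
        print(f"{name:22s} step {step}: {decision.value}")
```

The "fresh_swap" case is the one the procedure exists for: a SIM that appeared in a new handset and camped only minutes before the payment request is refused even though it sits in the right cell.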
Considering now the confirmation case, it is clear to those skilled in the art that the Checking Application, described above with reference to the authorization case, can work in the confirmation case as well. In fact, if the checking procedure resides in the cellular network 101, the service provider unit 111, instead of sending the transaction authorization request to the user equipment 103, sends a "confirmation request" to the cellular network 101 and the cellular network 101, instead of sending to the User Equipment 103 the transaction authorization request originated by the service provider unit 111, sends to the user equipment 103 a signalling message (e.g. a "paging" message or another suitable message that those skilled in the art can identify or devise) allowing the current Cell_id to be detected. Considering that the current IMEI number has been got at the camping of the user equipment 103 in the network, the cellular network 101 can run the checking procedure and transmit the results to the service provider unit 111.
In the illustrative example that has been used to explain the method of the present invention, the point of sale unit 109 is a regular physical Point of Sale, therefore "to be sufficiently close to the Point of Sale" means to be within a reasonable range from it, as explained above. The present invention, however, can be embodied with other environments as well.
For instance, in the case of buying a good or a service through Internet, "to be sufficiently close to the point of sale" could mean to be in front of the computer by which the order is being placed. In this case, in addition to the possible knowledge of the computer location, the payment authorization request could include a code to key in the computer keyboard to confirm that the accountholder is in front of said computer. The payment authorization may be sent to the service provider unit through the point of sale itself. In this case the determination as to whether the user equipment 103 is camped on the cell covering the point of sale unit 109 is a sort of double check to confirm that the user equipment is right in front of the point of sale unit 109.
The checking procedure depicted in Fig. 2 can conveniently reside in the cellular network 101, as most of the data needed to run it are generated by the cellular network. In this case the service provider unit, with the payment authorization request sent to the user equipment 103, requires the mobile network operator to run the checking procedure and provides them with the relevant data (line number to check, location of the Point of Sale or its identity, ...). Then the network operator runs the checking procedure and returns the result to the service provider unit. Alternatively the checking application resides at the service provider unit and the service provider unit sends to the mobile network operator a request of the data needed for running it. In this case a more complex privacy agreement is also needed.
The description of the method of the present invention assumes, simply as an illustrative example not limiting the applicability of the method, that the user equipment 103 is camped in a cellular network with the characteristics (SIM card, IMEI) of a 3GPP network, but those skilled in the art can understand that the method of the present invention can be applied also with other types of mobile networks (e.g., CDMA networks).
Other embodiments of the present invention can be devised, taking into account more detailed tracing information for the determinations as to whether the User Equipment is located in a place that gives good reason for the requested financial transaction. As an example, from the tracing data collected by the cellular network 101 (Fig. 1), the checking procedure computes the minimum speeds at which the SIM or the mobile radio equipment (103) should have travelled to go from one location to another, and if at least one of those minimum speeds is higher than the respective threshold determined for them, the transaction is denied.
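The minimum-speed embodiment described above, as an added Python example that is not part of the patent. It assumes each trace point carries a cell-site position and a coverage radius (hypothetical fields) and applies a single speed threshold; the minimum distance between two sightings is taken as the gap between the two coverage areas.

```python
import math
from dataclasses import dataclass
from typing import List, Tuple

EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class Sighting:
    """One traced network event (camping, call, SMS, ...). Fields are assumptions."""
    t: float          # seconds since an arbitrary epoch
    lat: float        # cell-site latitude, degrees
    lon: float        # cell-site longitude, degrees
    radius_km: float  # assumed coverage radius of the serving cell


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points on a spherical Earth."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def min_speed_kmh(a: Sighting, b: Sighting) -> float:
    """Lowest speed that could explain both sightings.

    The handset may be anywhere inside each cell, so the shortest possible trip
    is the centre distance minus both radii. Overlapping cells need no travel.
    """
    gap_km = max(0.0, haversine_km(a.lat, a.lon, b.lat, b.lon)
                 - a.radius_km - b.radius_km)
    if gap_km == 0.0:
        return 0.0
    hours = abs(b.t - a.t) / 3600.0
    # Two disjoint cells at the same instant cannot be one device.
    return math.inf if hours == 0.0 else gap_km / hours


def speed_check(sightings: List[Sighting],
                max_kmh: float) -> Tuple[bool, List[Tuple[int, float]]]:
    """Return (deny, violations); each violation is (index of later sighting, km/h)."""
    ordered = sorted(sightings, key=lambda s: s.t)
    violations = []
    for i in range(1, len(ordered)):
        v = min_speed_kmh(ordered[i - 1], ordered[i])
        if v > max_kmh:
            violations.append((i, v))
    return bool(violations), violations


# Constructed traces (not from the patent): two events in adjacent Milan cells,
# then an event in Rome either 30 minutes or 6 hours later.
MILAN_1 = Sighting(0.0, 45.4642, 9.1900, 1.0)
MILAN_2 = Sighting(600.0, 45.4700, 9.2050, 1.0)
CLONE_TRACE = [MILAN_1, MILAN_2, Sighting(2400.0, 41.9028, 12.4964, 1.0)]
TRAVEL_TRACE = [MILAN_1, MILAN_2, Sighting(22200.0, 41.9028, 12.4964, 1.0)]
MAX_KMH = 300.0  # sample threshold chosen for this example

if __name__ == "__main__":
    for name, trace in (("clone", CLONE_TRACE), ("travel", TRAVEL_TRACE)):
        deny, violations = speed_check(trace, MAX_KMH)
        print(name, "DENY" if deny else "ok", violations)
```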
It is clear that there are also embodiments that include the possibility to override the checking procedure, or part of its checking criteria, by using secure mechanisms, based on exchange of keys, PINs (Personal Identification Numbers) or some other security means, in order to allow the accountholder to authorise a financial transaction even in cases where some conditions are not met, but this is out of the scope of the present invention.
Many other variations of the invention will become apparent to those skilled in the art upon review of the disclosure. Therefore the examples used above for describing the present application are to be considered illustrative only, not restrictive.

Claims

1. Method of authorizing a financial transaction by means of a mobile radio equipment (103) comprising the steps of:
sending a request to a service provider unit (111) from a point of sale unit (109) requesting to charge a financial account for a payment of goods or services,
forwarding an authorization request or a confirmation request from the service provider unit (111),
determining the location of the mobile radio equipment (103), comparing the location of the mobile radio equipment with the location of the point of sale unit (109),
determining the time the mobile radio equipment is used by its subscriber, and/or determining whether the mobile radio equipment has been continuously camping in the mobile radio network for a minimum camping time, and
confirming the requested payment transaction in dependence on the comparison and/or determination steps.
2. Method according to claim 1, wherein the confirmation step is based on a current cell ID of the mobile radio equipment (103) and international mobile equipment identity number of the mobile radio equipment (103).
3. Method according to claim 1 or 2, wherein
no confirmation of the requested payment transaction is issued if a location of the mobile radio equipment (103) cannot be determined.
4. Method according to claim 1, 2 or 3, wherein
a confirmation is only issued if the comparison between the cell ID of the mobile radio equipment (103) and the cell ID of the point of sale unit (109) does not exclude the likelihood of the financial transaction legitimacy.
5. Method according to any one of the claims 1 to 4, wherein
a confirmation is issued if the time period corresponding to the time the international mobile equipment identification number is associated to the mobile radio equipment (103) is longer than a first time threshold.
6. Method according to any one of the claims 1 to 5, wherein
a transaction denial is issued if a computed speed at which the subscriber identity module (107) or the mobile radio equipment (103) should have travelled in some circumstances is higher than a threshold value.
7. A service provider unit adapted to receive, from a point of sale unit (109), a request to charge a financial account, said request specifying identification data of said financial account to charge and an amount to charge, comprising:
memory means (111a) for storing said financial account data and the accountholder's data, comprising accountholder's communications addresses;
transmission means (111b) for sending request messages and data to a mobile radio network (101);
reception means (111c) for receiving messages and data from said mobile radio network (101);
processing means (111d) for evaluating the legitimacy of said requested financial transaction on the basis of data, that the service provider unit (111) requests by said transmission means (111b) and receives by said reception means (111c),
wherein said data comprises a location of said mobile radio equipment (103) and said point of sale unit (109); the time the mobile radio equipment (103) has been in use by its subscriber; and/or the time the mobile radio equipment (103) has been continuously camping in the mobile radio network (101).
8. A service provider unit according to claim 7, wherein said processing means (111d) is adapted to issue a confirmation of said requested financial transaction on the basis of a current cell ID of the mobile radio equipment (103) and international mobile equipment identity number of the mobile radio equipment (103).
9. A service provider unit according to any of the claims 7 and 8, wherein said processing means (111d) is adapted to issue a denial of said requested financial transaction if the location of the mobile radio equipment (103) cannot be determined or the comparison between the cell ID of the mobile radio equipment (103) and the cell ID of the point of sale unit (109) are not compatible with said financial transaction legitimacy.
10. A service provider unit according to any of the claims 7 to 9, wherein said processing means (111d) is adapted to issue a denial of said requested financial transaction if the time period corresponding to the time the international mobile equipment identification number is associated to the mobile radio equipment (103) is not longer than a first time threshold.
11. A service provider unit according to any of the claims 7 to 10, wherein said processing means (111d) is adapted to issue a denial of said requested financial transaction if a computed minimum speed at which the subscriber identity module (107) or the mobile radio equipment (103) should have travelled in some circumstances is higher than a threshold value.
PCT/EP2012/069367 2012-10-01 2012-10-01 Method of authorizing a financial transaction WO2014053161A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/069367 WO2014053161A1 (en) 2012-10-01 2012-10-01 Method of authorizing a financial transaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2012/069367 WO2014053161A1 (en) 2012-10-01 2012-10-01 Method of authorizing a financial transaction

Publications (1)

Publication Number Publication Date
WO2014053161A1 true WO2014053161A1 (en) 2014-04-10

Family

ID=46980949

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/069367 WO2014053161A1 (en) 2012-10-01 2012-10-01 Method of authorizing a financial transaction

Country Status (1)

Country Link
WO (1) WO2014053161A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010053684A1 (en) * 1997-10-08 2001-12-20 Hannu Pirila Method and system for identifying an illegal terminal in a cellular radio system
WO2006064359A1 (en) 2004-12-17 2006-06-22 Telefonaktiebolaget Lm Ericsson (Publ) Clone-resistant mutual authentication in a radio communication network
US20060237531A1 (en) * 2005-04-26 2006-10-26 Jacob Heffez Method and system for monitoring electronic purchases and cash-withdrawals
US20070174082A1 (en) * 2005-12-12 2007-07-26 Sapphire Mobile Systems, Inc. Payment authorization using location data
US20080227471A1 (en) * 2007-03-16 2008-09-18 Ajay Dankar Method for tracking credit card fraud


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
BURGE P ET AL: "Fraud detection and management in mobile telecommunications networks", SECURITY AND DETECTION, 1997. ECOS 97., EUROPEAN CONFERENCE ON LONDON, UK 28-30 APRIL 1997, LONDON, UK,IEE, UK, 28 April 1997 (1997-04-28), pages 91 - 96, XP006507536, ISBN: 978-0-85296-683-9, DOI: 10.1049/CP:19970429 *
WULLEMS C ET AL: "Enhancing the security of internet applications using location: A new model for tamper-resistant GSM location", COMPUTERS AND COMMUNICATION, 2003. (ISCC 2003). PROCEEDINGS. EIGHTH IEEE INTERNATIONAL SYMPOSIUM ON JUNE 30 - JULY 3, 203, PISCATAWAY, NJ, USA,IEEE, 1 January 2003 (2003-01-01), pages 1251 - 1258, XP010646297, ISBN: 978-0-7695-1961-6 *

Similar Documents

Publication Publication Date Title
US7565142B2 (en) Method and apparatus for secure immediate wireless access in a telecommunications network
EP2826004B1 (en) Mobile phone takeover protection system and method
US9852416B2 (en) System and method for authorizing a payment transaction
US20030061503A1 (en) Authentication for remote connections
JP2009515403A (en) Remote activation of user accounts in telecommunications networks
EP1178445A1 (en) Method for performing short-range wireless transactions between an hybrid wireless terminal and a service terminal
KR101432356B1 (en) Remote activation capture
JP2000511021A (en) Search for copied SIM card
KR20120068759A (en) Transaction system and method
US10699273B2 (en) System and method for authorizing payment transaction based on device locations
CN103026659A (en) Method and system for routing communications
CN109587683B (en) Method and system for preventing short message from being monitored, application program and terminal information database
CN103138935A (en) Identity authentication system based on telecom operators
JP2008527474A (en) Service access restriction method and system
US20050102519A1 (en) Method for authentication of a user for a service offered via a communication system
ES2260930T3 (en) PROCEDURE AND RISK MANAGEMENT SYSTEM IN A MOBILE PHONE NETWORK.
CN101925062A (en) Network access method, device and system
US9344582B2 (en) Terminal and mobile communication system
WO2014053161A1 (en) Method of authorizing a financial transaction
KR20130065749A (en) System and method for authenticating payment occurred abroad
KR101243275B1 (en) Identity theft protection service that provides communication systems
CN117479111B (en) Wi-Fi technology-based offline automatic payment method, system and device
WO2001043081A2 (en) Enhanced pin-based security method and apparatus
EP2958043A1 (en) Method for the recognition of user profiles
EP1580936B1 (en) Subscriber authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12769089

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12769089

Country of ref document: EP

Kind code of ref document: A1