Remote electronic payment system

US 20040139013A1
Filed: 03/08/2004
Published: 07/15/2004
Est. Priority Date: 02/20/2001
Status: Abandoned Application

First Claim

Patent Images

1. Authentication device (300) for authentication with an authentication server (900) in a remote payment system (10), said authentication being prior to a transaction by a user, said device (300) being characterized in that it includes:

means (310) for receiving a first authentication request (M100) from said authentication server (900);

means (330) for verifying the validity of said authentication request (M100);

means (350) of validation, by the user, of said transaction;

means (370) for checking the identity of said user; and

means (380) for sending a return authentication message (M200) to said authentication server (900).

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention concerns a remote electronic payment system comprising an authentication device (300) with an authenticating server in a remote payment system, the authentication being performed prior to a transaction carried out by a user. The device (300) is characterised in that it comprises: means (310) for receiving a first authentication request, from the authenticating server; means (330) for verifying the validity of the authentication request; means (350) for validation, by the user, of the transaction; means (370) for controlling said user'"'"'s identity; and means (380) for sending a return message of authentication, to the authenticating server (900).

33 Citations

View as Search Results

45 Claims

1. Authentication device (300) for authentication with an authentication server (900) in a remote payment system (10), said authentication being prior to a transaction by a user, said device (300) being characterized in that it includes:
- means (310) for receiving a first authentication request (M100) from said authentication server (900);
  
  means (330) for verifying the validity of said authentication request (M100);
  
  means (350) of validation, by the user, of said transaction;
  
  means (370) for checking the identity of said user; and
  
  means (380) for sending a return authentication message (M200) to said authentication server (900).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 2. Authentication device (300) according to claim 1, said authentication request (M100) including a description of said transaction, an identifier of said transaction and a first authentication code from said authentication server (900), said device (300) being characterized in that said verification means (330) are designed to verify the validity of said authentication request (M100) from said first authentication code and from a first authentication key (342).
  - 3. Authentication device (300) according to claim 1 or 2, characterized in that it additionally includes means (380) for generating a second authentication code (326), and in that said means (380) for sending the return authentication message (M200) are designed to insert said second authentication code (326) into said return authentication message (M240).
  - 4. Authentication device (300) according to any one of claims 1 to 3, characterized in that said means (380) for sending the return authentication message (M200) are designed to insert a response (322) into said return authentication message (M200), said response (322) being dependent on said validation of the transaction.
  - 5. Authentication device (300) according to any one of claims 1 to 4, characterized in that said means (370) for checking the identity of said user make use of a personal identification number (344).
  - 6. Authentication device (300) according to any one of claims 1 to 5, characterized in that it additionally includes means (390) for decrypting said first authentication request (M100), based on a transport key (349).
  - 7. Authentication device (300) according to any one of claims 1 to 6, characterized in that it additionally includes means (390) for encrypting said return authentication message (M200), based on a transport key (349).
  - 8. Authentication device (300) according to any one of claims 1 to 7, said transaction including a payment operation, said device being characterized in that it additionally includes means (360) for selecting a payment option (324) for said transaction and in that said means (380) for sending the return authentication message (M200) are designed to insert said option (324) into said return authentication message (M220).
  - 9. Authentication device (300) according to any one of claims 3 to 8, characterized in that it additionally includes a transaction counter (348) used by said means (380) for generating said second authentication code (326), and in that said means (380) for sending the return authentication message (M200) are designed to insert said transaction counter (348) into said return authentication message (M230).
  - 10. Authentication device (300) according to any one of claims 2 to 9, characterized in that it additionally includes means (310) for receiving, from an activation server (500), a key delivery message (M400), said key delivery message (M400) including said first authentication key (342).
  - 11. Authentication device (300) according to claim 10, characterized in that said key delivery message (M400) additionally includes a personal unblocking identification number (346).
  - 12. Authentication device (300) according to claim 10 or 11, characterized in that it additionally includes means (330) for verifying the validity of said key delivery message (M400), based on a third authentication code contained in said key delivery message (M430).
  - 13. Smart card, characterized in that it includes an authentication device (300) according to any one of claims 1 to 12.
  - 14. SIM card (20), characterized in that it includes an authentication device (300) according to any one of claims 1 to 12.
  - 15. Telephone (30), characterized in that it includes means (32) designed to receive a SIM card (20) according to claim 14.
  - 16. Telephone (30) according to claim 15, the SIM card (20) including an authentication device (300) according to any one of claims 5 to 12, said telephone (30) being characterized in that it additionally includes means (34) for entering said personal identification number (344).
  - 17. Activation server (500), in a remote payment system (10), characterized in that it includes:
    - means (510) for receiving an activation request (M600) from a user account server (800), said activation request (M600) including an identifier (522) of an authentication device (300) according to any one of claims 10 to 12;
      
      means (530) for generating said first authentication key (342); and
      
      means (550) for sending, on receipt of a response to said activation request (M600), said key delivery message (M400) to said authentication device (300).
  - 18. Activation server (500) according to claim 17, characterized in that said identifier (522) is a telephone number.
  - 19. Activation server (500) according to claim 17 or 18, characterized in that it additionally includes means (530) for saving said first authentication key (342) in a secure database (540).
  - 20. Activation server (500) according to any one of claims 17 to 19, characterized in that it additionally includes means (530) for generating a second authentication key (542), from said first authentication key (342), and in that it includes means (530) for saving said second authentication key (542) in a secure database (540).
  - 21. Activation server (500) according to any one of claims 17 to 20, characterized in that it additionally includes means (530) for computing a third authentication code, and in that said sending means (550) are designed to insert said third authentication code into said key delivery message (M430).
  - 22. Activation server (500) according to any one of claims 17 to 21, said activation request (M600) including an identifier of an authentication device (522) according to claim 11 or 12, said activation server (500) being characterized in that said sending means (550) are designed to insert said personal unblocking identification number (346) into said key delivery message (M410).
  - 23. Activation server (500) according to claim 21, characterized in that it additionally includes means (570) for encrypting said key delivery message (M400), based on a transport key (349).
  - 24. Activation server (500) according to claim 23, characterized in that it additionally includes means (550) for obtaining said transport key (349) and a personal unblocking identification number (346) from a preactivation database (560).
  - 25. Activation server (500) according to claim 23 or 24, characterized in that said computation means (550) are designed to compute said third authentication code based on said transport key (349).
  - 26. Activation server (500) according to claim 24 or 25, characterized in that it additionally includes means (550) for sending an authentication registration (M700) to an authentication server (900), said authentication registration (M700) including said transport key (349) and said personal unblocking identification number (346).
  - 27. User account server (800), in a remote payment system (10), characterized in that it includes:
    - means (810) for creating and storing at least one user account (830) associated with an authentication device (300) according to any one of claims 1 to 12;
      
      means (840) for sending an activation request (M600) to an activation server (500) according to any one of claims 17 to 26; and
      
      means (840) for sending a second authentication request to an authentication server (900).
  - 28. User account server (800) according to claim 27, characterized in that said user account includes:
    - an identifier (522) of said authentication device (300); and
      
      at least one payment option (831, 832) for said transaction.
  - 29. Authentication server (900), in a remote payment system (10), characterized in that it includes:
    - means (910) for receiving at least one authentication registration (M700) from an activation server (500) according to claim 26;
      
      means (910) for storing said authentication registration (M700);
      
      means (910) for receiving a second authentication request from a user account server (800) according to claim 27 or 28;
      
      means (930) for sending said first authentication request (M100) to an authentication device (300) according to any one of claims 1 to 12, on receipt of said second authentication request;
      
      means (910) for receiving a return authentication message (M200) from said authentication device (300); and
      
      means (930) for sending a transaction confirmation message to said user account server (800) on receipt of said return authentication message (M200).
  - 30. Remote payment system (10), characterized in that it includes an authentication device (300) according to any one of claims 1 to 12, an activation server (500) according to any one of claims 17 to 26, a user account server (800) according to claim 27 or 28 and an authentication server (900) according to claim 29.
  - 31. Remote payment system (10) according to claim 30, characterized in that it uses an infrastructure of a mobile telephony network (40).
  - 32. Remote payment system (10) according to claim 31, characterized in that said mobile network (40) is a GSM network.
  - 33. Remote payment system (10) according to claim 32, characterized in that said messages and said requests comply with the SMS format of the GSM protocol.

34. Method of authentication with an authentication server (900) in a remote payment system (10), said authentication being prior to a transaction by a user, said method being characterized in that it includes the following steps:
- reception (E1130) of a first authentication request (M100) from said authentication server (900);
  
  verification (E1150) of the validity of said authentication request (M100);
  
  validation (Ell90), by the user, of said transaction;
  
  check (E1170) on the identity of said user; and
  
  sending (E1280) of a return authentication message (M200) to said authentication server (900).
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 35. Authentication method according to claim 34, said authentication request (M100) including a description of said transaction, an identifier of said transaction and a first authentication code from said authentication server (900), said method being characterized in that the validity of said authentication request is verified using said first authentication code and a first authentication key (342), during said verification step (E1150).
  - 36. Authentication method according to claim 34 or 35, characterized in that it additionally includes a step (E1250) for generating a second authentication code, said second authentication code being inserted into said return authentication message (M240) during a first insertion step (E1260).
  - 37. Authentication method according to any one of claims 34 to 36, characterized in that a response (322), dependent on said validation of the transaction, is inserted into said return authentication message (M210) during a second insertion step (E1220).
  - 38. Authentication method according to any one of claims 34 to 37, characterized in that a personal identification number (344) is used during said step for checking the identity of said user (E1170).
  - 39. Authentication method according to any one of claims 34 to 38, characterized in that it additionally includes a step (E1140) for decrypting said first authentication request (M100), based on a transport key (349).
  - 40. Authentication method according to any one of claims 34 to 39, characterized in that it additionally includes a step (E1270) for encrypting said return authentication message (M200), based on a transport key (349).
  - 41. Authentication method according to any one of claims 34 to 40, said transaction including a payment operation, said method being characterized in that it additionally includes a step (E1200) for selecting a payment option (324) for said transaction, said option (324) being inserted into said return authentication message (field M220 of M200) during a step (E1210) for inserting a payment option.
  - 42. Authentication method according to any one of claims 36 to 41, characterized in that said step (E1250) for generating said second authentication code uses a transaction counter (348), said transaction counter (348) being inserted into said return authentication message (M230) during a step (E1240) for inserting a transaction counter.
  - 43. Authentication method according to any one of claims 35 to 42, characterized in that it additionally includes a step (E1100) for receiving a key delivery message (M400), said key delivery message (M400) including said first authentication key (342).
  - 44. Authentication method according to claim 43, characterized in that said key delivery message (M400) additionally includes a personal unblocking identification number (346).
  - 45. Authentication method according to claim 43 or 44, characterized in that it additionally includes a step (E1110) for verifying the validity of said key delivery message (M400), based on a third authentication code contained in said key delivery message (M430).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sybase 365 Incorporated (SAP SE)
Original Assignee
Sybase 365 Incorporated (SAP SE)
Inventors
Guillot, Charles, Barbier, Eric, Dolique, Christophe

Application Number

US10/468,476
Publication Number

US 20040139013A1
Time in Patent Office

Days
Field of Search
US Class Current

705/40
CPC Class Codes

G06Q 20/102   Bill distribution or payments

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2463/102   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/126   the source of the received ...

Remote electronic payment system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Remote electronic payment system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links