System and method of secure authentication and billing for goods and services using a cellular telecommunication and an authorization infrastructure
Abstract
A system, method and computer program for authorizing a mobile station to use a product, service, access or other rights provided by a service provider through the use of digital signatures. These digital signatures are based on a shared signing key, and can be verified using a signature verification service. This system, method and computer program will validate the identity of the mobile station being used utilizing long term keys stored in the mobile station and an authentication center. The system, method and computer program will then utilize the signing key and the signature verification service to verify digital signatures that enable the authorization to access products, services, access or other rights using a mobile station. When this system, method and computer program is used for authorizing payment transactions, the gateway will verify the authenticity of any charges made based on the signatures received. Thus, a user of this system, method and computer program can purchase goods and services without fear of fraud or errors.
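The flow the abstract describes, as an added Python example that is not code from the patent: the gateway checks a response computed by the mobile station against one computed from the authentication center's data, both sides end up with a shared signing key, and the service provider has signatures checked at the address the gateway issued. HMAC-SHA256, the class and function names, the URL and the subscriber identifier are assumptions made for illustration; the page does not name the algorithms.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the response, key-derivation and signature
    # algorithms, none of which the page names (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

class AuthCenter:
    def __init__(self, long_term_keys):
        self._keys = long_term_keys          # identifier -> long-term key
    def vector(self, imsi):
        rand, ki = secrets.token_bytes(16), self._keys[imsi]
        return rand, mac(ki, b"resp" + rand), mac(ki, b"sign" + rand)

class MobileStation:
    def __init__(self, imsi, ki):
        self.imsi, self._ki, self.sign_key = imsi, ki, None
    def answer(self, rand):
        self.sign_key = mac(self._ki, b"sign" + rand)   # shared signing key
        return mac(self._ki, b"resp" + rand)
    def sign(self, order):
        return mac(self.sign_key, order)

class Gateway:
    VERIFY_ADDRESS = "https://gateway.example/verify"   # constructed placeholder
    def __init__(self, auc):
        self._auc, self._sign_keys = auc, {}
    def enroll(self, ms):
        rand, expected, sign_key = self._auc.vector(ms.imsi)
        # ms.answer() models the challenge/response round trip over the air.
        if not hmac.compare_digest(ms.answer(rand), expected):
            return None                      # identity not verified: no address
        self._sign_keys[ms.imsi] = sign_key
        return self.VERIFY_ADDRESS
    def verify(self, imsi, order, signature):
        # Called by the service provider at the signature verification address.
        key = self._sign_keys.get(imsi)
        return key is not None and hmac.compare_digest(mac(key, order), signature)

def run_demo():
    imsi, ki = "001010000000001", secrets.token_bytes(16)   # constructed values
    gateway, ms = Gateway(AuthCenter({imsi: ki})), MobileStation(imsi, ki)
    address = gateway.enroll(ms)
    order = b"item=ticket;amount=4.50;nonce=1"
    sig = ms.sign(order)
    return address, gateway.verify(imsi, order, sig), gateway.verify(imsi, order + b"0", sig)
```

The service provider never holds the signing key in this model; it only learns whether the gateway accepted the signature, which is why a station that fails the comparison gets no address and none of its signatures verify.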
24 Claims
1. A method for authorizing a mobile station to use a product, service, access, or some other right provided by a service provider, comprising:
- accessing a gateway by the mobile station and transmitting an identification code to the gateway;
- verifying the identity of the mobile station by the gateway accessing an authentication center and comparing variables computed by the mobile station and variables computed by the gateway;
- creating a shared signing key;
- delivering a signature verification address to the mobile station by the gateway when the identity of the mobile station has been verified, wherein a signature verification service at said address is capable of verifying digital signatures using the shared signing key;
- requesting a product, service, access or a right from the service provider and transmitting a digital signature, accompanied by the signature verification address to the service provider by the mobile station; and
- accessing the signature verification address by the service provider and verifying the digital signature.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19

15. A system for ordering, paying for and delivering goods and services using a mobile station, comprising:
- a GSM mobile communication authentication module to verify that the mobile station is permitted to access a telecom infrastructure;
- a mobile station certificate/signature verification address acquisition module to request a signature verification address for the mobile station from a gateway; and
- a gateway certificate/signature verification address generation module to verify that the mobile station is authorized to receive the signature verification address by transmitting an international mobile subscriber identifier received from the mobile station to an authentication center, calculate variables based on information received from the authentication center and compare them to variables computed by the mobile station, and issue the signature verification address to the mobile station when the variables match.

20. A computer program embodied on a computer readable medium and executable by a computer for ordering, paying for and delivering goods and services using a mobile station, comprising:
- a GSM authentication code segment to verify that the mobile station is permitted to access a telecom infrastructure;
- a mobile station certificate/signature verification address acquisition code segment to request a signature verification address for the mobile station from a gateway; and
- a gateway certificate/signature verification address generation code segment to verify that the mobile station is authorized to receive the signature verification address by transmitting an international mobile subscriber identifier received from the mobile station to an authentication center, calculate variables based on information received from the authentication center and compare them to variables computed by the mobile station, and issue the digital certificate to the mobile station when the variables match.
Dependent claims: 21, 22, 23, 24
Specification