WO2001006752A1 - Method for user authentication and billing in an information network service - Google Patents


Publication number
WO2001006752A1
Authority
WO
WIPO (PCT)
Prior art keywords
information network
mobile terminal
network service
user
terminal connection
Application number
PCT/FI2000/000646
Other languages
French (fr)
Inventor
Jari Annala
Original Assignee
Comptel Plc
Application filed by Comptel Plc
Priority to AU62838/00A
Publication of WO2001006752A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/16 Payments settled via telecommunication systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/22 Payment schemes or models
    • G06Q20/24 Credit schemes, i.e. "pay after"
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/388 Payment protocols; Details thereof using mutual authentication without cards, e.g. challenge-response
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F17/00 Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/16 Coin-freed apparatus for hiring articles; Coin-freed facilities or services for devices exhibiting advertisements, announcements, pictures or the like
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/48 Secure or trusted billing, e.g. trusted elements or encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/68 Payment of value-added services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/70 Administration or customization aspects; Counter-checking correct charges
    • H04M15/73 Validating charges
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01 Details of billing arrangements
    • H04M2215/0156 Secure and trusted billing, e.g. trusted elements, encryption, digital signature, codes or double check mechanisms to secure billing calculation and information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/01 Details of billing arrangements
    • H04M2215/0196 Payment of value-added services, mainly when their charges are added on the telephone bill, e.g. payment of non-telecom services, e-commerce, on-line banking
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M2215/00 Metering arrangements; Time controlling arrangements; Time indicating arrangements
    • H04M2215/70 Administration aspects, modify settings or limits or counter-check correct charges
    • H04M2215/7072 Validate charges

Definitions

  • the information network service provider 10 receiving the customer order knows that the party sending the order from the network terminal device 11 has a full control over the mobile terminal connection 13.
  • this presumes the possession of a SIM card and, generally, also entering the correct PIN code from the keyboard at the switch-on of a mobile phone.
  • the party ordering products via the server 12 of the information network service provider can be authenticated at the same security level as that of the identification of a mobile phone network subscriber when the subscriber uses the mobile phone network.
  • two alternative methods can be used. Tangible goods are shipped according to step 108 described below.
  • Nontangible products such as data is delivered according to step 109:
  • the information network service provider 10 sends the ordered product to the address specified by the customer using a physical shipping system such as the mail or a delivery service.
  • the information network service provider 10 transmits the ordered product 19 to the network terminal 11 over the information network.
  • Steps 110 and 111 are necessary to complete the billing routines:
  • a control system 23 of the mobile phone network operator 22 examines the short messages passed through the SMSC 17.
  • a first short message 15 and, as a response sent thereto, a second short message 16 containing sender and recipient information.
  • the information contents and sender/recipient data of the first short message 15 and the second short message 16, respectively, are compared with each other.
  • the proposed connection identification code 14 and the actual connection identification code 18 that are received from different sources are found to be assigned the same mobile terminal connection 13.
  • the second short message 16 contains the correct response message information requested by the first short message 15.
  • the billing data is transmitted to the billing system 24 and the mobile terminal connection 13 is billed on the basis of the information contained in the first short message 15 and/or the second short message 16.
  • the service billing may also be charged to a mobile phone bill, a separate invoice or, using a separate telecommunications connection, to a credit card system and therefrom to the customer's credit card invoice.
  • the second short message 16 carries any specific information transmitted from the connection 13, but for the sake of improved security level, it is possible to embed in the first short message 15 a string 25 of cryptographic authentication characters, such as a 5-digit random number, which is presumed to be returned in the response message (that is, in short message 16).
  • This procedure secures that the terminal user responds to the correct message and that he actually possesses the connection identification code of the responding mobile terminal, such as the SIM card of the mobile phone being used, and that the correct PIN code has been entered at the switch-on of the mobile terminal device.
  • An alternative method of improving information security is to add a random number at the end of the calling party's number, whereby the user's response message is directed to this modified number (e.g., if the service access number is 1234 and the generated random number is 97667, the service allocates the calling party a specific access number 123497667, whereby the user dials this number to respond).
  • the telephone exchange and the short-message switching center are programmed to redirect the second short message 16 to the correct recipient.
  • the security level of the data transmission between the network terminal device 11 and the server 12 can be improved by way of adopting the SSL (Secure Socket Layer) encryption technique and, also, by way of launching a JAVA applet in the terminal browser that then takes over communications with the offered service.
  • SSL Secure Socket Layer
  • connection identification code is used to make reference to the identifying code, such as a mobile phone number of a mobile terminal connection.

Abstract

The invention relates to a method for authentication and billing of an information network user, in which method the user of an information network service is identified, the product ordered by the information network service user is delivered to the user or, respectively, the service ordered by the user is produced for the same. The information network service provider (10) receives (102 and 105 - 106) over the information network from a mobile terminal connection (13) the proposed connection identification code (14) of the calling mobile terminal connection (13), such as its telephone number and a message that contains the actual identification code (18) of the calling mobile terminal connection (13). The information network service provider (10) compares the proposed connection identification code (14) with the actual connection identification code (18), combined with other possible securing messages, and with a perfect match between these, confirms the service user as identified. The mobile terminal network operator compares a first message (15), such as an SMS-format short message, sent by the information network service provider (10) with another message sent from the calling mobile terminal connection (13) such as another short message (16), and bills to the mobile terminal connection (13) on the basis of the information contained in the first message (15) and/or the second message (16).

Description

METHOD FOR USER AUTHENTICATION AND BILLING IN AN INFORMATION NETWORK SERVICE
The invention relates to a method according to the preamble of claim 1 for authentication and billing of an information network user, in which method the user of an information network service is identified, the product ordered by the information network service user is delivered to the user or, respectively, the service ordered by the user is produced for the same.
By means of conventional Internet techniques, today an enormous quantity of different information and other services have been implemented. For instance, nontangible goods such as network-readable publications, interactive services, computer programs, music and other information accessible in digital format. These can be delivered to the customer over the Internet. It is also possible to buy different kinds of tangible goods over the Internet, such as books, food and home appliances. These can be shipped to the customer over a conventional delivery system such as the mail, for instance. Later in the text, all of these services offered over the Internet are called information network services.
In the conventional technique, the information network service user can be identified by his user identification code and a password associated thereto. The database of the information network service provider stores the service user identification codes and respective passwords that the service user in a plurality of offered services can define when running the first session with the service. In certain services, the customer identity must be validated even before the first session. Today, no secure means have been devised for this task but an in-person meeting between the customer and the service provider. By the same token, a user identification code and password that open access to the offered service may be submitted to the customer. To initiate the use of a desired information network service, the customer must first enter his user identification code and the respective password. Herein, the transmission of passwords always involves a security risk as they may be captured from the network. Further, the use of a password presumes that the password must be memorized and, since the user of an information network generally utilizes a plurality of different services, all the passwords related to each one of them must then be memorized. This poses a real problem, because a customer subscribing to tens of services on an occasional basis has then difficulties in memorizing or keeping log on those tens of different passwords of maximally random form, particularly as the passwords may be replaced by new ones every now and then in order to maintain data security.
A great number of information network services are profit-based, which means that the payment transactions associated with their use must be handled in some manner. All the known ways to transmit this payment transaction traffic involve their specific shortcomings, and the lack of a practicable payment convention in information network services may be the greatest obstacle to their wider deployment. Herein, such techniques are used as prepaid mail delivery and billing the product either after the delivery or prior to its delivery. In many cases, these techniques are impracticable, since particularly in the international commerce, banking costs form an unduly high portion in the overall price of a product. Moreover, it is awkward to send notices on unpaid bills of a relatively low value, a task which is further complicated by the unsure identification of a service user, particularly those subscribing on an occasional basis. A great number of information network service providers accept a credit card as the only legitimate payment instrument of purchases carried out over a network. However, not all people have a credit card and many credit card owners are reluctant to give their credit card number to a nonphysical party that often is located abroad over such a path wherein the number may be captured by anyone. It is also difficult to clear billings that deviate from the agreed price or bear extra costs, particularly if the billing takes place in a foreign country, which means that many people are cautious against taking the risk of getting involved in clearing such problems.
In the art is known a more secure method for billing transactions over the Internet ("Method for the billing of transactions over the Internet", US Pat. No. 5,905,736). The method disclosed therein is based on utilizing the Internet user's IP address as the user identification code. Upon the user establishing a connection in the Internet, an Internet access provider, IAP, transmits the billing platform the user's identity and a temporary IP associated with the same. Information network service providers make an agreement with the IAP on the billing system and then the information network service provider can identify a user associated with such an agreement from the IP address assigned the user. Upon the signing of a purchase transaction, the information network service provider sends billing data that are identified by the user's IP address to the billing platform, which stores the data for billing to the correct user. The billing platform allocates the payments to predetermined billing mechanisms such as the telephone bill, a credit card system or, e.g., to a separate invoice. A handicap of this arrangement is that each transaction needs a new, secure connection both between the IAP's system and the billing platform and, respectively, between the information network service provider and the billing platform. The arrangement is also subject to aliasing of IP addresses.
It is an object of the present invention to overcome the drawbacks of the above-described prior-art techniques and to provide an entirely novel type of method for identification of an information network service user and to improve the security of customer identification in information network services. It is another object of the invention to facilitate billing of information network services to the customer's mobile telephone bill. The billed items may be transferred data, tangible goods or, e.g., interactive services offered in an information network. The method is most advantageously applicable to the billing of purchase transactions of relatively small financial value.
The goal of the invention is achieved by virtue of using the connection identification code of a mobile terminal system, such as that contained in the SIM card of a GSM system, for user identification. According to the invention, the user of the information network service submits the identification code, such as his mobile phone number, of his mobile terminal connection, over the information network. The information network service provider sends a message to that specific mobile terminal connection associated with the identification code. Subsequently, the information network service provider receives an acknowledge message from the specific mobile terminal connection, thus securing that the identified information network service user is controlling the specific mobile terminal connection. At this stage, the service provider is ascertained that the service user possesses the SIM card of his mobile terminal, whereby the billing can be made to the owner of the terminal connection. The user identification occurs at the same security level as generally takes place, e.g., in a GSM network.
More specifically, the method according to the invention for information network service user authentication and billing, in which method the service user is identified, and the product ordered by the service user is delivered to the user or, respectively, the service ordered by the user is produced for the same, is characterized by what is stated in the characterizing part of claim 1.
The invention offers significant benefits. The user of an Internet service can be identified at a higher level of security than what is offered in conventional telecom connections and utilizing existing identification schemes. The billing of services offered in information networks such as the Internet can be centralized to a mobile phone operator, whereby occasional offering/purchasing of information network services at extremely attractive prices is facilitated. The control of billing operations can be transferred to the mobile phone operator, whereby the same can relieve the service provider from the task of monitoring the payments and credit integrity of the customer ordering the services. The mobile phone operator can also monitor in behalf of the purchasing customer that, e.g., before a product is billed to the customer, the information network service provider really takes responsibility on delivering the ordered product.
In the following, the invention is examined in detail with the help of an exemplifying embodiment by making reference to the attached drawing of FIG. 1, wherein FIG. 1 shows an embodiment of the invention for the identification of and service billing to a user of an information network.
The method is implemented by way of the steps described below. Steps 101 - 102 are carried out to determine which goods and/or service is/are desired to be purchased:
101) A network terminal 11 receives via the Internet from a server 12 of an information network service a WWW page or set of pages stored thereon, whereby the information contained on the received page(s) indicates that the information network service provider is willing to sell a given product.
102) The information network service provider's server 12 receives over the Internet from the network terminal 11 a message indicating interest to purchase a given product 19. Additionally, the information network service provider's server 12 receives from the IP-compatible terminal a proposed connection identification code 14 of the mobile terminal connection 13, such as the mobile phone number of the connection. Herein, the information network service provider may also receive information on such details as how, when and/or whereto the customer wishes the product to be delivered.
To authenticate the buyer's identity to the information network service provider 10, steps 103 - 107 are next carried out:
103) A short-message service exchange SMSC 17 receives over a secured communications path a first short message 15 of a predetermined SMS format that is directed from the server 12 to the mobile terminal connection associated with the proposed connection identification code 14 and compiles a data structure including at least said first short message 15, the proposed connection identification code 14 and a customer account code 21 given by the information network service provider 10, whereupon the exchange stores the thus formed data structure.
104) SMSC 17 relays the first short message 15 to the mobile terminal connection 13.
105) SMSC 17 receives a second short message 16 of a predetermined SMS format that is directed from the mobile terminal connection 13 to the server 12 of the information network service provider 10. Thereupon, SMSC 17 compiles a data structure including at least said second short message 16, the actual connection identification code 14 of the mobile terminal connection 13 and the customer account code 21 given by the information network service provider 10, whereupon the exchange stores the thus formed data structure.
106) SMSC 17 relays over a secured communications path said second short message 16, as well as combined therewith the actual mobile terminal connection identification code 18 received from the mobile terminal connection 13, to the server 12 of the information network service provider 10.
107) The information network service provider 10 compares the first short message 15 sent by the service provider with the second short message 16 received from the SMSC 17 and, respectively, compares the proposed connection identification code 14 received over the Internet from the network terminal device 11 with the actual connection identification code 18 received from the SMSC 17 and, hereby, interprets the received second short message 16 to be a proper response expected for the first short message 15 and, respectively, assumes the proposed connection identification code 14 and the actual connection identification code 18 to be assigned the same mobile terminal connection 13.
At this stage, the information network service provider 10 receiving the customer order knows that the party sending the order from the network terminal device 11 has full control over the mobile terminal connection 13. In a GSM network, this presumes the possession of an SIM card and, generally, also entering the correct PIN code from the keyboard at the switch-on of a mobile phone. Hence, the party ordering products via the server 12 of the information network service provider can be authenticated at the same security level as that of the identification of a mobile phone network subscriber when the subscriber uses the mobile phone network.
In the delivery of the ordered product, two alternative methods can be used. Tangible goods are shipped according to step 108 described below. Nontangible products such as data are delivered according to step 109:
108) The information network service provider 10 sends the ordered product to the address specified by the customer using a physical shipping system such as the mail or a delivery service.
109) The information network service provider 10 transmits the ordered product 19 to the network terminal 11 over the information network.
Steps 110 and 111 are necessary to complete the billing routines:
110) At a later stage after or, alternatively, already during the execution of the above-described steps, a control system 23 of the mobile phone network operator 22 examines the short messages passed through the SMSC 17. Herein is detected a first short message 15 and, as a response sent thereto, a second short message 16 containing sender and recipient information. The information contents and sender/recipient data of the first short message 15 and the second short message 16, respectively, are compared with each other. Herein, the proposed connection identification code 14 and the actual connection identification code 18 that are received from different sources are found to be assigned the same mobile terminal connection 13. As an additional check it can be verified that the second short message 16 contains the correct response message information requested by the first short message 15.
111) The billing data is transmitted to the billing system 24 and the mobile terminal connection 13 is billed on the basis of the information contained in the first short message 15 and/or the second short message 16.
The service billing may also be charged to a mobile phone bill, a separate invoice or, using a separate telecommunications connection, to a credit card system and therefrom to the customer's credit card invoice.
It is not mandatory that the second short message 16 carries any specific information transmitted from the connection 13, but for the sake of improved security level, it is possible to embed in the first short message 15 a string 25 of cryptographic authentication characters, such as a 5-digit random number, which is presumed to be returned in the response message (that is, in short message 16). This procedure secures that the terminal user responds to the correct message and that he actually possesses the connection identification code of the responding mobile terminal, such as the SIM card of the mobile phone being used, and that the correct PIN code has been entered at the switch-on of the mobile terminal device. It must be noted herein that in a strict sense the use of a terminal does not presume the PIN code to be known by the user, since the owner of the connection may have disabled the function of user identification by the PIN code or the mobile phone may have been operative at the hand-over of its possession.
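The comparison of step 107 together with the returned string 25 can be sketched as follows. This is an added example, not code from the patent or from any operator's system: the class and function names, the reply wording, the five-minute validity window and the single-use rule are assumptions, and both connection identification codes are assumed to arrive in the same number format.

```python
import hmac
import re
import secrets
import time
from dataclasses import dataclass

CHALLENGE_TTL = 300  # seconds; assumption, the page states no validity period


@dataclass
class PendingOrder:
    account_code: str  # customer account code 21
    challenge: str     # string 25 carried in first short message 15
    issued_at: float


def extract_code(text):
    """Return the first stand-alone 5-digit token in an SMS body, or None."""
    match = re.search(r"\b[0-9]{5}\b", text)
    return match.group(0) if match else None


class ProviderServer:
    """Hypothetical model of server 12 of the service provider 10."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # proposed connection identification code 14 -> order

    def start_order(self, proposed_number, account_code):
        """Steps 102-103: store the order, return the text of short message 15."""
        challenge = f"{secrets.randbelow(100_000):05d}"  # drawn from a CSPRNG
        self._pending[proposed_number] = PendingOrder(
            account_code, challenge, self._clock())
        return f"Reply with code {challenge} to confirm your order"

    def verify_reply(self, actual_number, reply_text):
        """Step 107: check short message 16 and actual code 18 from the SMSC."""
        # Looking up by the SMSC-reported number is the 14-versus-18 comparison:
        # a reply from any other connection finds no order. pop() makes the
        # challenge single-use, so a wrong or replayed reply cannot be retried.
        order = self._pending.pop(actual_number, None)
        if order is None:
            return (False, "unknown_connection")
        if self._clock() - order.issued_at > CHALLENGE_TTL:
            return (False, "expired")
        code = extract_code(reply_text)
        if code is None or not hmac.compare_digest(code, order.challenge):
            return (False, "challenge_mismatch")
        return (True, "authenticated")


if __name__ == "__main__":
    server = ProviderServer()
    sms_15 = server.start_order("+358401234567", "ACCT-0001")  # constructed values
    print(server.verify_reply("+358401234567", "OK " + extract_code(sms_15)))
```

A 5-digit string gives 100,000 possibilities, so the single-use rule matters: without it the responding connection could simply retry values until one matched.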
An alternative method of improving information security is to add a random number at the end of the calling party's number, whereby the user's response message is directed to this modified number (e.g., if the service access number is 1234 and the generated random number is 97667, the service allocates the calling party a specific access number 123497667, whereby the user dials this number to respond). In this arrangement, the telephone exchange and the short-message switching center are programmed to redirect the second short message 16 to the correct recipient.
The security level of the data transmission between the network terminal device 11 and the server 12 can be improved by way of adopting the SSL (Secure Socket Layer) encryption technique and, also, by way of launching a JAVA applet in the terminal browser that then takes over communications with the offered service.
In the context of the present application and particularly in its claims, the term connection identification code is used to make reference to the identifying code, such as a mobile phone number of a mobile terminal connection.

Claims

What is claimed is:
1. Method for authentication and billing of an information network user, in which method the user of an information network service is identified, the product ordered by the information network service user is delivered to the user or, respectively, the service ordered by the user is produced for the same,
characterized in that
- the connection identification code (14) of the mobile terminal connection (13) possessed by the information network service user is requested,
- the connection identification code (14) of the mobile terminal connection (13) is received (102) over the information network,
- a first set of data (15) in a predetermined format is transmitted (103 - 104) to the mobile terminal connection (13) possessed by the information network service user,
- a second set of data (16) in a predetermined format is received (105 - 106) from the mobile terminal connection (13) possessed by the information network service user, and
- the information network service user is authenticated on the basis of the information received in digital format from said mobile terminal connection (13).
2. Method according to claim 1, characterized in that service billing (111) for the information network service is directed to the mobile terminal connection (13), the owner of the mobile terminal connection (13) or to a party defined by said owner.
3. Method according to any one of claims 1-2, characterized in that said first set of data (15) and/or said second set of data (16) of a predetermined format comprises at least one short message in the SMS-format.
4. Method according to any one of claims 1-3, characterized in that a short-message service center SMSC compiles information from the short message(s) (15) of the SMS format sent (103) by the information network service provider and from the short message(s) (16) of the SMS format sent (105) from the mobile terminal of the information network service user and then sends (110-111) the information to a billing system.
5. Method according to any one of claims 1-4, characterized in that to said mobile terminal connection (13) is billed a sum of money defined in said first set of data (15) of a predetermined format and/or in said second set of data (16) of a predetermined format.
6. Method according to any one of claims 1-5, characterized in that the possession of said mobile terminal connection (13) is assumed to include the possession of a physical identification token such as a SIM card.
7. Method according to any one of claims 1-6, characterized in that the access to offered network services over the information network takes place on WWW pages managed by the information network service provider (10).
8. Method according to any one of claims 1-7, characterized in that the information network service provider (10) receives (106) data (16) of a predetermined format that has been sent (104) from the mobile terminal connection possessed by the information network service user or, alternatively, a message indicating that data (16) of a predetermined format has been sent (104) from the mobile terminal connection possessed by the information network service user.
9. Method according to any one of claims 1-8, characterized in that to said data (15) of a predetermined format is added a given string of characters (25) and, as a precondition for the billing and/or delivery of the ordered product and/or service is presumed that said given string of characters (25) or, alternatively, another given string of characters (25) derivable from said first string of characters, is received (105) along with said second data (16) of a predetermined format sent from said mobile terminal connection (13) possessed by the information network service user.
10. Method according to any one of claims 1-9, characterized in that the use of the information network service offered by said information network service provider (10) is billed to the owner of said mobile terminal connection via the billing system of a mobile telephone network operator.
11. Method according to claim 10, characterized in that the service billing due to the use of the information network service is added to the telephone bill invoiced from the use of said mobile terminal connection.
PCT/FI2000/000646 1999-07-15 2000-07-13 Method for user authentication and billing in an information network service WO2001006752A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU62838/00A AU6283800A (en) 1999-07-15 2000-07-13 Method for user authentication and billing in an information network service

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI991614A FI991614A (en) 1999-07-15 1999-07-15 Procedure for authenticating and debiting a user of a data network service
FI991614 1999-07-15

Publications (1)

Publication Number Publication Date
WO2001006752A1 true WO2001006752A1 (en) 2001-01-25

Family

ID=8555085

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2000/000646 WO2001006752A1 (en) 1999-07-15 2000-07-13 Method for user authentication and billing in an information network service

Country Status (3)

Country Link
AU (1) AU6283800A (en)
FI (1) FI991614A (en)
WO (1) WO2001006752A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997001920A1 (en) * 1995-06-28 1997-01-16 Telecom Finland Oy A method and a system for charging a user of a computer system
WO1999001990A2 (en) * 1997-06-30 1999-01-14 Sonera Oyj Procedure for setting up a secure service connection in a telecommunication system
WO1999030293A2 (en) * 1997-11-26 1999-06-17 Helsingin Puhelin Oyj - Helsingfors Telefon Abp Method of billing for services and products purchased over a network

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002065415A1 (en) * 2001-02-13 2002-08-22 Sagem S.A. Method for electronically ordering products at a sales outlet
US8681956B2 (en) 2001-08-23 2014-03-25 Paymentone Corporation Method and apparatus to validate a subscriber line
EP1436752A1 (en) * 2001-09-21 2004-07-14 Paymentone Corporation Method and system for processing a transaction
EP1436752A4 (en) * 2001-09-21 2004-09-29 Paymentone Corp Method and system for processing a transaction
EP1345403A1 (en) * 2002-03-15 2003-09-17 Sonera Oyj Billing a subscriber station without a subscriber identity module
WO2003094123A1 (en) * 2002-04-30 2003-11-13 Saj Muzaffar Payment system
US9253319B1 (en) 2005-07-01 2016-02-02 Callwave Communications, Llc Methods and systems for call connecting calls
US9692891B1 (en) 2006-10-06 2017-06-27 Callwave Communications, Llc Methods and systems for blocking unwanted communications
US9413885B1 (en) 2006-10-06 2016-08-09 Callwave Communications, Llc Methods and systems for blocking unwanted communications
EP2524492A4 (en) * 2010-01-11 2014-11-19 Mobile Messenger Global Inc Method and apparatus for billing purchases from a mobile phone application
EP2524492A1 (en) * 2010-01-11 2012-11-21 Mobile Messenger Global, Inc. Method and apparatus for billing purchases from a mobile phone application
US9721279B2 (en) 2010-03-23 2017-08-01 Microsoft Technology Licensing, Llc Determining mobile operators for mobile devices
FR3016761A1 (en) * 2014-01-23 2015-07-24 Araxxe METHOD AND SYSTEM FOR DETECTING BYPASS OF A MOBILE TELEPHONY NETWORK DURING NON-SYNCHRONIZED COMMUNICATIONS
EP2899960A1 (en) * 2014-01-23 2015-07-29 Araxxe Method and system for detecting the bypassing of a mobile telephony network during unsynchronised communications
WO2020128373A1 (en) * 2018-12-21 2020-06-25 Araxxe Method for monitoring the mode of termination of a telephone message
FR3090919A1 (en) * 2018-12-21 2020-06-26 Araxxe Method for monitoring the termination mode of a telephone message
WO2020236511A1 (en) * 2019-05-22 2020-11-26 Saudi Arabian Oil Company System and method for secure billing for ims-based voip networks
US10917442B2 (en) 2019-05-22 2021-02-09 Saudi Arabian Oil Company System and method for secure billing for IMS-based VoIP networks

Also Published As

Publication number Publication date
FI991614A (en) 2001-01-16
AU6283800A (en) 2001-02-05


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP